Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

Advertisements


#17
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here are the OTL logs.

ComboFix 11-05-21.03 - Quintero Family 05/22/2011 15:57:04.5.2 - x86
Running from: c:\documents and settings\Quintero Family\Desktop\george.exe.exe
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-20 22:51 . 2011-05-22 22:57 -------- d-----w- C:\quarantine
2011-05-17 03:20 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 03:20 . 2011-05-17 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 03:20 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 02:05 . 2011-05-17 02:05 -------- d-----w- C:\_OTL
2011-05-16 02:33 . 2011-05-16 02:33 -------- d-----w- C:\iolo
2011-05-15 18:51 . 2011-05-16 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-14 03:49 . 2011-05-14 03:49 17036 ----a-w- C:\win32k.sys
2011-05-14 03:48 . 2011-05-14 03:48 0 ----a-w- C:\spmsg.dll
2011-05-14 03:48 . 2011-05-14 03:48 17036 ----a-w- C:\spuninst[2].exe
2011-05-14 03:46 . 2011-05-14 03:46 17036 ----a-w- C:\spuninst[1].exe
2011-05-14 03:46 . 2011-05-14 03:46 17036 ----a-w- C:\spuninst.exe
2011-05-13 20:38 . 2007-07-17 01:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-05-13 20:34 . 2004-08-04 10:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-05-13 20:34 . 2004-08-04 10:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-05-13 20:34 . 2004-08-04 10:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-05-13 20:34 . 2004-08-04 10:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-05-13 20:34 . 2004-08-04 10:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-05-13 20:32 . 2004-08-04 10:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-05-13 20:31 . 2004-08-04 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-05-13 20:30 . 2004-08-04 10:00 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2011-05-13 20:01 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-05-13 20:01 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-05-13 20:01 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-05-13 20:01 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-05-12 10:24 . 2011-05-12 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-12 08:15 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-12 08:15 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-12 08:15 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-12 08:14 . 2011-05-16 00:10 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-28 21:34 . 2011-04-28 21:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 22:24 . 2010-04-07 18:37 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-03-15 22:23 . 2010-04-07 18:37 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-03-15 22:23 . 2010-04-07 18:37 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-03-15 22:21 . 2010-04-07 18:37 2234552 ----a-w- c:\windows\system32\Incinerator.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-09 95800]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-02-25 273544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-17 01:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-12-16 14:50 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-07-17 01:45 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-07-17 01:45 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2004-08-06 10:50 139320 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
2003-10-07 16:48 147514 ----a-w- c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-07-17 01:45 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-11-08 21:01 49152 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-17 01:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2004-09-23 03:00 94208 ----a-w- c:\program files\Network Associates\VirusScan\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 afhrrty;afhrrty;c:\windows\System32\drivers\wadsj.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 136176]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 136176]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-20 158248]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]
S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-01-15 58464]
S1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [2011-05-02 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]
S2 AMP;AMP;c:\windows\system32\DRIVERS\amp.sys [2010-01-20 127016]
S2 AMPSE;AMPSE;c:\windows\system32\DRIVERS\ampse.sys [2010-01-20 1118248]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-20 121384]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-20 117288]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 20:09]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 20:09]
.
2011-04-30 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-05-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]
.
2011-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 16:05
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\iavlsp.dll
c:\windows\system32\EntApi.dll
.
Completion time: 2011-05-22 16:07:37
ComboFix-quarantined-files.txt 2011-05-22 23:07
ComboFix2.txt 2011-05-21 02:00
ComboFix3.txt 2011-05-20 22:59
.
Pre-Run: 283,697,635,328 bytes free
Post-Run: 283,670,290,432 bytes free
.
Current=3 Default=3 Failed=0 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 9D4A19068988954C34301A0F05CAA714
  • 0

#18
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the OTL extra.

OTL Extras logfile created on: 5/22/2011 4:45:35 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Quintero Family\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 450.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 264.23 Gb Free Space | 89.56% Space Free | Partition Type: NTFS

Computer Name: DBGW1BF1 | User Name: Quintero Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe" = C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield® -- (iolo technologies, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13453DAA-8424-4B9C-844F-FC44C621F9E3}" = OLYMPUS Master 2
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3134052E-B1F0-465C-B320-5042095B1033}" = Nero 7 Essentials
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ask Toolbar_is1" = Ask Toolbar
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition 2.0.0.20 (US)
"FrostWire" = FrostWire 4.20.3
"Google Desktop" = Google Desktop
"MAGIX MP3 Maker 12 deluxe US" = MAGIX MP3 Maker 12 deluxe 8.1.1.114 (US)
"MAGIX Photo Manager 2007 US" = MAGIX Photo Manager 2007 4.1.1.77 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SearchAssist" = SearchAssist
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"61240c64869513c2" = Napster Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager
"Mahjongg Master 5" = Mahjongg Master 5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2011 4:29:52 PM | Computer Name = DBGW1BF1 | Source = SceCli | ID = 1000
Description = Security configuration was not backed up. Error 1208 to open database.

Error - 5/13/2011 11:52:38 PM | Computer Name = DBGW1BF1 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
DBGW1BF1 IP 192.168.1.64 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 5/15/2011 3:08:57 PM | Computer Name = DBGW1BF1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/15/2011 4:01:48 PM | Computer Name = DBGW1BF1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/15/2011 8:04:58 PM | Computer Name = DBGW1BF1 | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/15/2011 10:38:27 PM | Computer Name = DBGW1BF1 | Source = IoloSGCtrl.exe | ID = 0
Description =

Error - 5/15/2011 10:39:11 PM | Computer Name = DBGW1BF1 | Source = ioloServiceManager.exe | ID = 0
Description =

Error - 5/15/2011 10:39:24 PM | Computer Name = DBGW1BF1 | Source = ioloServiceManager.exe | ID = 0
Description =

Error - 5/20/2011 6:51:17 PM | Computer Name = DBGW1BF1 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\Documents and Settings\Quintero
Family\Local Settings\Temp\Av-test.txt is infected with the EICAR test file Test.
No cleaner available, quarantined successfully . Detected using Scan engine version
4400 DAT version 4442.(from DBGW1BF1 IP 192.168.1.64 user DBGW1BF1 running VirusScan
Enter 8.0 OAS)

Error - 5/22/2011 6:57:04 PM | Computer Name = DBGW1BF1 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\Documents and Settings\Quintero
Family\Local Settings\temp\Av-test.txt is infected with the EICAR test file Test.
No cleaner available, quarantined successfully . Detected using Scan engine version
4400 DAT version 4442.(from DBGW1BF1 IP 192.168.1.64 user DBGW1BF1 running VirusScan
Enter 8.0 OAS)

[ iolo Applications Events ]
Error - 5/11/2011 9:52:49 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/11/2011 10:29:56 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/11/2011 9:23:37 PM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 12:23:40 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 1:04:58 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 1:39:55 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 2:04:11 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 2:30:43 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 4:04:06 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

Error - 5/12/2011 4:23:47 AM | Computer Name = DBGW1BF1 | Source = System Shield | ID = 11
Description = The definition downloading job failed. Job name: Defs update Error
code: -2147012867

[ System Events ]
Error - 5/21/2011 6:08:27 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10010
Description = The server {F5F6647E-A36B-42BB-AD4E-A93753DE4DCD} did not register
with DCOM within the required timeout.

Error - 5/21/2011 6:31:28 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/21/2011 6:31:31 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/21/2011 6:31:31 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/21/2011 6:31:31 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/21/2011 10:38:59 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/22/2011 6:54:40 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/22/2011 6:54:42 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/22/2011 6:54:42 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/22/2011 6:54:42 PM | Computer Name = DBGW1BF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1083" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Start, Run, services.msc, OK then find Background Intelligent Transfer Service (BITS) and right click and select Properties. IF not already set to Automatic, change Startup Type: to Automatic. Apply. Try to start the service. Do you get an error? Does it start.

You post the combofix log again. Can you find the latest OTL log?

Ron
  • 0

#20
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Sorry about that. Here is the latest OTL. I also did the services.msc and did get an error message. it read: Error 1083: The executable program that this service is configured to run in does not implement the service.



OTL logfile created on: 5/22/2011 4:45:35 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Quintero Family\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 450.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 264.23 Gb Free Space | 89.56% Space Free | Partition Type: NTFS

Computer Name: DBGW1BF1 | User Name: Quintero Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Quintero Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\Program Files\Napster\napster.exe (Napster)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Quintero Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (McShield) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (RapportCerberus_26169) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (NaiAvFilter1) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (Network Associates, Inc.)
DRV - (NaiAvTdi1) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (EntDrv51) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (Network Associates, Inc)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5071216
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5071216

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/25 13:03:44 | 000,000,000 | ---D | M]

[2009/04/02 17:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Quintero Family\Application Data\Mozilla\Extensions
[2009/04/02 17:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Quintero Family\Application Data\Mozilla\Extensions\[email protected]
[2009/06/27 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Quintero Family\Application Data\Mozilla\Firefox\extensions
[2009/06/27 11:58:25 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Quintero Family\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2011/05/20 18:58:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238564486359 (MUWebControl Class)
O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} http://www.iolo.com/...x/AVCheckUp.ocx (iolo.AV.OnlineVirusScanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Quintero Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Quintero Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 16:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/21 15:37:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Quintero Family\Desktop\OTL.exe
[2011/05/20 17:52:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Quintero Family\Desktop\aswMBR.exe
[2011/05/20 16:39:02 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Quintero Family\My Documents\windows-kb890830-v3.5.exe
[2011/05/20 16:39:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Quintero Family\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/20 16:39:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Quintero Family\My Documents\OTL.exe
[2011/05/20 16:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Quintero Family\My Documents\tdsskiller
[2011/05/20 15:51:17 | 000,000,000 | ---D | C] -- C:\quarantine
[2011/05/20 15:46:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/20 15:38:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/20 15:38:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/20 15:38:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/20 15:38:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/20 15:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/20 15:34:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 20:20:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/16 20:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 20:20:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/16 20:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/16 19:05:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/15 19:33:29 | 000,000,000 | ---D | C] -- C:\iolo
[2011/05/15 11:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/05/13 14:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/13 13:38:31 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/05/13 13:34:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/05/13 13:34:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/05/13 13:34:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/05/13 13:34:12 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/05/13 13:34:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/05/13 13:34:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/05/13 13:34:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/05/13 13:34:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/05/13 13:34:04 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/05/13 13:34:04 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/05/13 13:34:03 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/05/13 13:33:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/05/13 13:33:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/05/13 13:33:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/05/13 13:33:51 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/05/13 13:33:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/05/13 13:33:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/05/13 13:33:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/05/13 13:33:50 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/05/13 13:33:49 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/05/13 13:33:49 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/05/13 13:33:49 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/05/13 13:33:45 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/05/13 13:33:41 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/05/13 13:33:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/05/13 13:33:40 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/05/13 13:33:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/05/13 13:33:39 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/05/13 13:33:39 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/05/13 13:33:39 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/05/13 13:33:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/05/13 13:33:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/05/13 13:33:38 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/05/13 13:33:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/05/13 13:33:37 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/05/13 13:33:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/05/13 13:33:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/05/13 13:33:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/05/13 13:33:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/05/13 13:33:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/05/13 13:33:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/05/13 13:33:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/05/13 13:33:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/05/13 13:33:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/05/13 13:33:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/05/13 13:33:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/05/13 13:33:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/05/13 13:33:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/05/13 13:33:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/05/13 13:33:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/05/13 13:33:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/05/13 13:33:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/05/13 13:33:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/05/13 13:33:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/05/13 13:33:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/05/13 13:33:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/13 13:33:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/13 13:33:24 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/05/13 13:33:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/05/13 13:33:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/05/13 13:33:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/05/13 13:33:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/05/13 13:33:16 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/05/13 13:33:15 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/05/13 13:33:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/05/13 13:33:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/05/13 13:33:11 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/05/13 13:33:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/05/13 13:33:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/05/13 13:33:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/05/13 13:33:10 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/05/13 13:33:10 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/05/13 13:33:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2011/05/13 13:33:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/05/13 13:33:08 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/05/13 13:33:06 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/05/13 13:33:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/05/13 13:33:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/05/13 13:33:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/05/13 13:33:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/05/13 13:32:53 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/05/13 13:32:44 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/05/13 13:32:43 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/05/13 13:32:31 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/05/13 13:32:31 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/05/13 13:32:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/05/13 13:32:29 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/05/13 13:32:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/05/13 13:32:28 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/05/13 13:32:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/05/13 13:32:26 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/05/13 13:32:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/05/13 13:32:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/05/13 13:32:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/05/13 13:32:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/05/13 13:32:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/05/13 13:32:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/05/13 13:32:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/05/13 13:32:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/05/13 13:32:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/05/13 13:32:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/05/13 13:32:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/05/13 13:32:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/05/13 13:32:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/05/13 13:32:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/05/13 13:32:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/05/13 13:32:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/05/13 13:32:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/05/13 13:32:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/05/13 13:32:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/05/13 13:32:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/05/13 13:32:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/05/13 13:32:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/05/13 13:32:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/05/13 13:32:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/05/13 13:32:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/05/13 13:32:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/05/13 13:32:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/05/13 13:32:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/05/13 13:32:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/05/13 13:32:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/05/13 13:32:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/05/13 13:32:16 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/05/13 13:32:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/05/13 13:32:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/05/13 13:32:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/05/13 13:32:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/05/13 13:32:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/05/13 13:32:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/05/13 13:32:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/05/13 13:32:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/05/13 13:32:13 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2011/05/13 13:32:11 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/05/13 13:32:11 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/05/13 13:32:10 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/05/13 13:32:10 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/05/13 13:32:10 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/05/13 13:32:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/05/13 13:32:10 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/05/13 13:32:09 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/05/13 13:32:09 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/05/13 13:32:08 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/05/13 13:32:08 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/05/13 13:32:08 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/05/13 13:32:08 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/05/13 13:32:08 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/05/13 13:32:07 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/05/13 13:32:07 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/05/13 13:32:07 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/05/13 13:32:06 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/05/13 13:32:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/05/13 13:32:06 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/05/13 13:32:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/05/13 13:32:06 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/05/13 13:32:05 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/05/13 13:32:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2011/05/13 13:32:02 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2011/05/13 13:32:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2011/05/13 13:31:58 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/05/13 13:31:52 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/05/13 13:31:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/05/13 13:31:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/05/13 13:31:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/05/13 13:31:39 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/05/13 13:31:39 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/05/13 13:31:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/05/13 13:31:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/05/13 13:31:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/05/13 13:31:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/05/13 13:31:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/05/13 13:31:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/05/13 13:31:35 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/05/13 13:31:35 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/05/13 13:31:35 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/05/13 13:31:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/05/13 13:31:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/05/13 13:31:23 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/05/13 13:31:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/05/13 13:31:17 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/05/13 13:31:17 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/05/13 13:31:17 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/05/13 13:31:16 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/05/13 13:31:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/05/13 13:31:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/05/13 13:31:15 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/05/13 13:31:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/05/13 13:31:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/05/13 13:31:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/05/13 13:31:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/05/13 13:31:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/05/13 13:31:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/13 13:31:11 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/05/13 13:31:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/05/13 13:31:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/05/13 13:30:48 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/05/13 13:30:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/05/13 13:30:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/05/13 13:30:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/05/13 13:30:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/05/13 13:30:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/05/13 13:30:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/05/13 13:30:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/05/13 13:30:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/05/13 13:30:26 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/05/13 13:30:26 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/05/13 13:30:26 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/05/13 13:30:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/05/13 13:30:22 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/05/13 13:30:22 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/05/13 13:30:21 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/05/13 13:30:21 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/05/13 13:30:21 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/05/13 13:30:21 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/05/13 13:30:21 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/05/13 13:30:20 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/05/13 13:30:20 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/05/13 13:30:20 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/05/13 13:30:20 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/05/13 13:30:20 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/05/13 13:30:20 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/05/13 13:30:19 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/05/13 13:30:19 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/05/13 13:30:19 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/05/13 13:30:18 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/05/13 13:30:18 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/05/13 13:30:18 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/05/13 13:30:17 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/05/13 13:30:15 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/05/13 13:01:17 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/05/13 13:01:17 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/05/13 13:01:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/05/13 13:01:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/05/12 03:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/12 01:59:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Quintero Family\Recent
[2011/05/12 01:15:48 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/05/12 01:15:38 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/05/12 01:15:38 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/05/12 01:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/28 14:34:50 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2011/05/22 16:22:29 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 15:55:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job
[2011/05/22 15:55:03 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job
[2011/05/22 15:54:16 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 15:54:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 15:11:52 | 004,352,705 | R--- | M] () -- C:\Documents and Settings\Quintero Family\Desktop\george.exe.exe
[2011/05/20 18:58:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/20 17:44:46 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Quintero Family\Desktop\aswMBR.exe
[2011/05/20 16:52:19 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Quintero Family\Desktop\Shortcut to IEXPLORE.lnk
[2011/05/20 15:46:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/20 15:31:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 20:20:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 20:16:44 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Quintero Family\My Documents\tdsskiller.zip
[2011/05/16 20:01:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Quintero Family\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/15 18:02:22 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Quintero Family\My Documents\gmer.zip
[2011/05/15 18:00:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Quintero Family\My Documents\OTL.exe
[2011/05/15 18:00:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Quintero Family\Desktop\OTL.exe
[2011/05/15 17:38:22 | 1062,416,384 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/13 20:49:17 | 000,017,036 | ---- | M] () -- C:\update_sp3qfe.inf
[2011/05/13 20:49:03 | 000,017,036 | ---- | M] () -- C:\win32k.sys
[2011/05/13 20:48:50 | 000,000,000 | ---- | M] () -- C:\spmsg.dll
[2011/05/13 20:48:37 | 000,017,036 | ---- | M] () -- C:\spuninst[2].exe
[2011/05/13 20:46:47 | 000,017,036 | ---- | M] () -- C:\spuninst[1].exe
[2011/05/13 20:46:28 | 000,017,036 | ---- | M] () -- C:\spuninst.exe
[2011/05/13 13:36:42 | 000,312,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/13 13:35:58 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/13 13:28:36 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/13 13:09:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/13 13:01:38 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/05/12 02:03:07 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Quintero Family\Desktop\rk-proxy.reg
[2011/05/12 01:13:48 | 000,155,075 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/05/11 23:56:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/30 00:33:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2011/05/21 15:08:31 | 004,352,705 | R--- | C] () -- C:\Documents and Settings\Quintero Family\Desktop\george.exe.exe
[2011/05/20 16:52:19 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Quintero Family\Desktop\Shortcut to IEXPLORE.lnk
[2011/05/20 16:39:02 | 002,185,092 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\IMG_NEW_NEW.pdf
[2011/05/20 16:39:02 | 000,800,447 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\IMG_0001.pdf
[2011/05/20 16:39:02 | 000,539,540 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\IMG.pdf
[2011/05/20 16:39:02 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\gmer.zip
[2011/05/20 16:39:02 | 000,105,114 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\IMG_0002.pdf
[2011/05/20 16:39:02 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\trojan_fakerean_exe_fix.reg
[2011/05/20 16:39:01 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\tdsskiller.zip
[2011/05/20 16:38:15 | 006,821,816 | ---- | C] () -- C:\Documents and Settings\Quintero Family\My Documents\dl600.pdf
[2011/05/20 15:46:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/20 15:46:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/20 15:38:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/20 15:38:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/20 15:38:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/20 15:38:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/20 15:38:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/16 20:20:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 20:49:17 | 000,017,036 | ---- | C] () -- C:\update_sp3qfe.inf
[2011/05/13 20:49:03 | 000,017,036 | ---- | C] () -- C:\win32k.sys
[2011/05/13 20:48:50 | 000,000,000 | ---- | C] () -- C:\spmsg.dll
[2011/05/13 20:48:37 | 000,017,036 | ---- | C] () -- C:\spuninst[2].exe
[2011/05/13 20:46:47 | 000,017,036 | ---- | C] () -- C:\spuninst[1].exe
[2011/05/13 20:46:28 | 000,017,036 | ---- | C] () -- C:\spuninst.exe
[2011/05/13 13:36:39 | 1062,416,384 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/13 13:33:09 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/13 13:32:26 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/13 13:32:11 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/13 13:32:09 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/13 13:32:05 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/13 13:31:55 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/13 13:31:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/13 13:31:16 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/13 13:01:05 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2011/05/13 13:01:05 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/13 13:01:05 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/13 13:01:05 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/13 13:01:05 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/13 13:01:05 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/13 13:01:05 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/13 13:01:05 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/13 13:01:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/13 13:01:05 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/13 13:01:05 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/13 13:01:04 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/13 13:01:04 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/13 13:01:04 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/13 13:01:04 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/12 02:03:07 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Quintero Family\Desktop\rk-proxy.reg
[2011/05/12 01:15:48 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2011/05/12 01:02:38 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job
[2011/04/15 15:16:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/04/15 12:27:42 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Quintero Family\Application Data\1A86.8E8
[2011/01/14 19:51:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/14 19:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/09/13 19:18:31 | 000,066,484 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/10 22:14:53 | 000,000,269 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/01/31 15:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2009/12/25 22:15:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Quintero Family\Local Settings\Application Data\rx_image.Cache
[2009/10/01 14:25:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/04/21 18:45:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/09 13:53:12 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/04 01:14:02 | 000,014,279 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/02 15:53:12 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Quintero Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/30 16:22:40 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2007/12/16 07:54:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/16 07:46:53 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/16 07:46:53 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/16 07:41:35 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2007/12/16 07:41:35 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2007/12/16 07:22:07 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2007/12/16 07:22:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/12/16 07:21:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/16 07:20:21 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/03/22 11:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 11:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,312,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:20 | 000,443,790 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,072,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#21
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
the path for BITS is C:\WINDOWS\system32\exe -k netsvcs and it is set for automatic.
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP

the path for BITS is C:\WINDOWS\system32\exe -k netsvcs and it is set for automatic.


Not C:\WINDOWS\system32\svchost.exe?

If that was a typo then see if you can follow the instructions here:

http://support.microsoft.com/kb/910337

An alternative is dial-a-fix:

http://wiki.lunarsof...wiki/Dial-a-fix

Download it, right click and Extract All then run Dial-a-fix.exe
check the box where is says Fix Windows Update then hit the GO button at the bottom.

Since Combofix is not working like I want let's run GMER and see if it finds anything evil lurking:

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


We Need to check for Rootkits with RootRepeal

[*]Extract RootRepeal.exe from the archive.
Right click on rootrepeal.zip and Extract All. Then move to the folder it created and find rootrepeal.exe and run it.
[*]Open Posted Image on your desktop.
[*]Click the Posted Image tab.
[*]Click the Posted Image button.
[*]Check all seven boxes: Posted Image
[*]Push Ok
[*]Check the box for your main system drive (Usually C:), and press Ok.
[*]Allow RootRepeal to run a scan of your system. This may take some time.
[*]Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
[/list]
  • 0

#23
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Used the Microsoft troubleshooting for the error code 1083 for BITS and it did not work. Tried using the dial a fix and kept getting that there were no files to be unzipped. Saved it to a flash drive and copied to my desktop and when trying to open got message that the file had been corrupted. I dowloaded the program using my netbook since I can't get anywhere using the XP system that is giving me problems. Here is the path that shows when I run services.msc: C:\WINDOWS\system32\svchost.exe -k netsvcs. Will run gmer again and see what comes up.
  • 0

#24
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Besides the BITS not running, neither was the system mechanic services or the firewall services.
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
You might want to try the AVG rescue disk or usb.

http://www.geekstogo...ystem-tutorial/

http://www.pendrivea...rus-rescue-usb/
  • 0

Advertisements


#26
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here are the gmer results.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-24 20:43:49
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620AS rev.3.ADG
Running: wpsxpjdm.exe; Driver: C:\DOCUME~1\QUINTE~1\LOCALS~1\Temp\pwtyapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xAA069FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xAA06AA56]
SSDT 86115109 ZwCreateThread
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys (RapportCerberus/Trusteer Ltd.) ZwDeleteFile [0xF7836E12]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xAA06E27C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xAA06E2AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xAA06E410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xAA06AB2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xAA06A104]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xAA06A2F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xAA06A428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xAA06E386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xAA06E2F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xAA06E322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xAA06E354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xAA069F66]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys (RapportCerberus/Trusteer Ltd.) ZwSetInformationFile [0xF7836E86]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys (RapportCerberus/Trusteer Ltd.) ZwSetValueKey [0xF7837C92]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xAA069F02]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys (RapportCerberus/Trusteer Ltd.) ZwTerminateProcess [0xF7836D98]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xAA069E9E]

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[304] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[900] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[912] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1472] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1908] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2088] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2128] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2324] ntdll.dll!KiUserApcDispatcher 7C90EAC0 5 Bytes JMP 00414130 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2324] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 71A70001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2324] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2324] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 71AE0022
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!WriteFile 7C810F9F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!PeekNamedPipe 7C85F6EF 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] kernel32.dll!WinExec 7C86114D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WININET.dll!InternetOpenA 771C58C2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2700] WININET.dll!InternetReadFile 771C80FC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----
  • 0

#27
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here are the results from rootappeal.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2011/05/24 20:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FBA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B75000 Size: 8192 File Visible: No Signed: -
Status: -

Name: pwtyapob.sys
Image Path: C:\DOCUME~1\QUINTE~1\LOCALS~1\Temp\pwtyapob.sys
Address: 0xA857F000 Size: 100736 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA882B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\ClickOnceLauncher.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\ClickOnceLauncher.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Quintero Family\Local Settings\Apps\2.0\NAJ12W5J.0VN\3MW7PJZV.1LJ\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa069fc0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06aa56

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86115109

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys" at address 0xf7836e12

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e27c

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e2ae

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e410

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06ab2c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06a104

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06a2f6

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06a428

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e386

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e2f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e322

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06e354

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa069f66

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys" at address 0xf7836e86

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys" at address 0xf7837c92

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa069f02

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys" at address 0xf7836d98

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa069e9e

Shadow SSDT
-------------------
#: 007 Function Name: NtGdiAlphaBlend
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa0707a6

#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070606

#: 191 Function Name: NtGdiGetPixel
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070654

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa0706e0

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa07072e

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070686

#: 298 Function Name: NtGdiTransparentBlt
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa07076a

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06b000

#: 477 Function Name: NtUserPrintWindow
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa0707e2

#: 483 Function Name: NtUserQueryWindow
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06af74

==EOF==
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Let's see if we can get rid of the driver that Combofix found:

Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
c:\windows\System32\drivers\wadsj.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\ParetoLogic Update Version2.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job

Drivers to delete:
afhrrty

******************************************************
* In the avenger window, click the Paste Script from Clipboard icon, Image button.
* :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.

Try starting BITS again.

Ron
  • 0

#29
purpled

purpled

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here are the results of the Avenger. Will try to include a screen shot of the BITS in next reply. System Mechanic is working, but firewall services cannot be started. Downloaded Google Chrome because IE is not working right. Help Mr. Wizard!!! This is so frustrating, especially because I don't know what I am looking for. Is their anything else I can try, short of buying a new hard drive? Thanks for being this patient this long.

Lisa

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\System32\drivers\wadsj.sys" not found!
Deletion of file "c:\windows\System32\drivers\wadsj.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\Tasks\GoogleUpdateTaskMachineCore.job" deleted successfully.
File "c:\windows\Tasks\GoogleUpdateTaskMachineUA.job" deleted successfully.
File "c:\windows\Tasks\ParetoLogic Update Version2.job" deleted successfully.
File "c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job" deleted successfully.
File "c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1116536718-3741406524-3057432846-1006.job" deleted successfully.
Driver "afhrrty" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Avenger says it got rid of the driver that wouldn't die so we are making a little progress.

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line:

sc  config  wuauserv  start=  auto


sc  config  bits  start=  auto

sc  config  DcomLaunch  start=  auto

net  start  >>  \junk.txt

net  start  rpcss  >>  \junk.txt

net  start  DcomLaunch  >>  \junk.txt

net  start  bits  >>  \junk.txt

sc  query  BITS  >> \junk.txt

net  start  wuauserv  >>  \junk.txt

notepad  \junk.txt




(I use two spaces in the code box so you can see where one space goes.)
Copy the text from notepad and paste it into a reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP