Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ending Program - SW [Solved]

Started by Scuffz , Jun 15 2012 03:16 PM

  • This topic is locked This topic is locked

#1
Scuffz
Posted 15 June 2012 - 03:16 PM

Scuffz

    New Member

  • Member
  • Pip
  • 7 posts
Hello everyone,

For the past year or so when shutting down my computer I've been occasionally getting the following message. "Ending program - sw" It happens pretty rarely but I'm starting to this that my computer has a virus. I run McAfee and update it regularly. Multiple people use this computer so I can't really pinpoint the source of the problem.

The following is the OTL.Txt

OTL logfile created on: 6/15/2012 1:48:14 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Angelo Teminel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 45.43% Memory free
4.57 Gb Paging File | 2.39 Gb Available in Paging File | 52.27% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 17.60 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive Z: | 148.96 Gb Total Space | 54.87 Gb Free Space | 36.83% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: Angelo Teminel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 13:47:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo Teminel\My Documents\Downloads\OTL.exe
PRC - [2012/06/15 10:49:22 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001
PRC - [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/19 13:43:23 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2010/06/25 17:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 12:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2010/03/08 15:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/05/16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 09:21:14 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 20:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/19 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/12/19 11:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 11:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/07/25 11:33:54 | 019,546,112 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
PRC - [2005/09/20 17:11:10 | 011,062,272 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 11:44:22 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001.dir.0011\~df394b.tmp
MOD - [2012/06/15 11:41:17 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001.dir.0010\~df394b.tmp
MOD - [2012/06/15 11:41:17 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001.dir.0010\~deb193.tmp
MOD - [2012/06/15 10:49:24 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001.dir.0009\~df394b.tmp
MOD - [2012/06/15 10:49:22 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001.dir.0008\~df394b.tmp
MOD - [2012/06/15 10:49:22 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\temp\Adobelm_Cleanup.0001.dir.0008\~de2fd8.tmp
MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 00:23:19 | 009,252,040 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/02 15:16:26 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2012/05/02 15:16:25 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2011/11/08 13:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/05 11:45:04 | 000,106,312 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL
MOD - [2006/12/19 11:28:14 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/12/19 11:26:12 | 000,157,248 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/05/16 21:33:05 | 002,002,944 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2005/03/25 08:35:32 | 001,181,513 | ---- | M] () -- C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Support.dll
MOD - [2005/03/25 03:43:36 | 000,839,680 | ---- | M] () -- C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Required\PDFFormat.aip


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 02:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/03/18 02:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 02:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 02:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 02:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/01/24 14:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/08 14:08:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/12/11 10:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/02/22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/02/10 09:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2003/10/10 04:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{07707AD2-3260-4A16-BCE5-93955AA85330}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{34EAD579-A1FC-4940-A19B-59676A55E24D}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{44CBDBB7-B240-47D2-8662-9A29ACA13B48}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4C769504-C086-41DB-88C3-6531FF2B500A}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{B0AAA846-9934-4493-A8EB-039CFB383333}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{F41D4A00-18F1-4CCF-B273-9A5C1534D11C}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{F571E193-E5A8-45FE-93DD-6DB2072F5665}: "URL" = http://answers.yahoo...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1D8EAC50-B91F-4255-B46E-ED8CB27D4926}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D8EAC50-B91F-4255-B46E-ED8CB27D4926}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{452C5F0B-DA71-4114-A876-735074860E80}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{4A6FBE74-F087-4F24-8841-1B8FF9463177}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{53530AF5-151D-42CE-9386-7440022848AC}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{57A8191F-9F63-4DD5-9047-03D857362F18}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{853B54D9-1D54-4709-9C09-EBB49A965AB1}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{D538AC72-6D0A-4EFC-99BE-5C167336E18A}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DEF8DD0F-8E3A-4CCF-B22C-E3608B127B02}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {86F0AB8A-C083-4771-9067-4E3644D764CA}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=61005&qkw="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Angelo Teminel\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{86F0AB8A-C083-4771-9067-4E3644D764CA}: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\{86F0AB8A-C083-4771-9067-4E3644D764CA} [2009/03/25 12:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/21 14:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/21 15:01:14 | 000,000,000 | ---D | M]

[2008/08/26 12:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Extensions
[2012/05/23 15:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Firefox\Profiles\6jylkhvy.default\extensions
[2008/05/29 07:42:42 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Firefox\Profiles\6jylkhvy.default\searchplugins\aim-search.xml
[2008/02/21 14:35:57 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Firefox\Profiles\6jylkhvy.default\searchplugins\aolsearch.xml
[2012/02/20 09:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/20 09:08:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/05/23 15:34:34 | 001,335,949 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANGELO TEMINEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6JYLKHVY.DEFAULT\EXTENSIONS\[email protected]
[2012/01/26 17:06:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/20 09:08:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/27 21:50:08 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2007/10/01 11:20:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/09/22 18:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 17:06:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Angelo Teminel\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Turner Media Plugin 1.0.0.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Alexa Traffic Rank = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1.1.0_0\
CHR - Extension: Google Search = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: AT_DJTiesto = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2\
CHR - Extension: Gmail = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/04/29 12:00:19 | 000,305,119 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10530 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1292432002984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C06E97-EEC4-4388-BA41-3ED976E7F868}: NameServer = 4.2.2.1,4.2.2.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ANGELO~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\Shell\AutoRun\command - "" = v0vj.exe
O33 - MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\Shell\explore\Command - "" = v0vj.exe
O33 - MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\Shell\open\Command - "" = v0vj.exe
O33 - MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\Shell - "" = AutoRun
O33 - MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell - "" = AutoRun
O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\1\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\2\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\Shell - "" = AutoRun
O33 - MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 09:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo Teminel\Application Data\WTablet
[2012/06/15 09:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2012/06/15 09:30:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wacom Tablet
[2012/06/15 09:30:55 | 007,773,040 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2012/06/15 09:30:43 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2012/06/15 09:30:37 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2012/06/15 09:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/15 09:30:27 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2012/06/15 09:30:25 | 005,010,288 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
[2012/06/15 09:30:25 | 000,415,600 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2012/06/15 09:30:25 | 000,294,400 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2012/06/15 09:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2012/05/31 15:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo Teminel\Desktop\Yocaher e-commerce
[2012/05/23 14:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo Teminel\Desktop\New Folder
[2012/05/21 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/17 09:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2012/05/17 09:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 13:48:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140412741-724039363-3243389656-1006UA.job
[2012/06/15 13:48:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140412741-724039363-3243389656-1006Core.job
[2012/06/15 13:24:56 | 000,128,968 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hot_rods.jpg
[2012/06/15 09:17:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/15 09:17:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 09:17:05 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 16:42:52 | 000,055,851 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\kicktail_white_shades.jpg
[2012/06/14 15:07:26 | 014,645,654 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\test2.psd
[2012/06/14 11:43:44 | 000,046,257 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\scuffz.jpg
[2012/06/14 11:30:48 | 001,412,947 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hot rod layers cs3.ai
[2012/06/14 11:30:42 | 001,424,603 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hot rod layers.ai
[2012/06/14 11:15:12 | 000,032,037 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Gel_Wheels_Bl.jpg
[2012/06/14 11:14:49 | 000,027,908 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Gel_Wheels_Cl.jpg
[2012/06/14 11:14:35 | 000,032,784 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Gel_Wheels_Rd.jpg
[2012/06/13 13:41:37 | 021,793,588 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\test.psd
[2012/06/13 09:06:31 | 010,286,120 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\HotRod_Skull.psd
[2012/06/13 08:43:41 | 003,837,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 08:39:43 | 000,581,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 08:39:43 | 000,114,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 08:25:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/11 14:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/11 14:48:39 | 002,125,398 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard template 1c.ai
[2012/06/11 13:23:58 | 002,738,571 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard template 1b.ai
[2012/06/11 13:23:52 | 002,738,913 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard template 1a.ai
[2012/06/11 10:07:08 | 000,367,185 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Wheel_mockup.ai
[2012/06/11 09:50:27 | 000,045,208 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Wheel_mockup.gif
[2012/06/11 08:59:17 | 002,732,629 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hotrod mummy.ai
[2012/06/11 08:51:20 | 027,975,969 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hotrod monster.psd
[2012/06/11 08:50:32 | 001,394,893 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hotrod monster.ai
[2012/06/08 11:16:16 | 000,160,558 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\GoogleBaseFeed-2012-06-08.xml
[2012/05/23 15:07:22 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/17 09:05:43 | 000,002,574 | -H-- | M] () -- C:\IPH.PH
[2012/05/17 09:05:39 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 13:24:56 | 000,128,968 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hot_rods.jpg
[2012/06/15 09:30:55 | 001,746,986 | ---- | C] () -- C:\WINDOWS\System32\WacomTablet.znc
[2012/06/14 16:42:52 | 000,055,851 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\kicktail_white_shades.jpg
[2012/06/14 15:07:24 | 014,645,654 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\test2.psd
[2012/06/14 11:43:44 | 000,046,257 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\scuffz.jpg
[2012/06/14 11:30:49 | 001,412,947 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hot rod layers cs3.ai
[2012/06/14 11:30:41 | 001,424,603 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hot rod layers.ai
[2012/06/14 11:15:19 | 000,032,037 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Gel_Wheels_Bl.jpg
[2012/06/14 11:14:57 | 000,027,908 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Gel_Wheels_Cl.jpg
[2012/06/14 11:14:46 | 000,032,784 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Gel_Wheels_Rd.jpg
[2012/06/13 13:41:35 | 021,793,588 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\test.psd
[2012/06/13 09:06:34 | 010,286,120 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\HotRod_Skull.psd
[2012/06/11 13:43:59 | 002,125,398 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard template 1c.ai
[2012/06/11 13:23:56 | 002,738,571 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard template 1b.ai
[2012/06/11 13:23:48 | 002,738,913 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard template 1a.ai
[2012/06/11 09:50:27 | 000,045,208 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Wheel_mockup.gif
[2012/06/11 08:59:26 | 002,732,629 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hotrod mummy.ai
[2012/06/11 08:50:33 | 001,394,893 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hotrod monster.ai
[2012/06/11 08:50:15 | 027,975,969 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\hotrod monster.psd
[2012/06/08 16:40:23 | 000,367,185 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\LB_Wheel_mockup.ai
[2012/06/08 11:16:17 | 000,160,558 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\GoogleBaseFeed-2012-06-08.xml
[2012/04/24 08:09:49 | 000,260,531 | ---- | C] () -- C:\WINDOWS\pdfcvt.dat
[2012/02/15 09:07:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/22 11:05:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/02/09 10:51:33 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

========== LOP Check ==========

[2008/11/21 12:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/07/28 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/12/22 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2008/05/13 10:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2008/01/23 11:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/01/31 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/01/14 11:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2008/08/29 08:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/06/18 10:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/24 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/27 10:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/14 10:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/09 10:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 10:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/03/23 08:56:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
[2006/10/23 11:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\acccore
[2011/04/18 11:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/22 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\DassaultSystemes
[2012/04/02 16:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Dropbox
[2011/12/22 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\EDrawings
[2012/04/18 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\FileZilla
[2007/09/05 10:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\GetRightToGo
[2007/01/12 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Leadertech
[2011/11/28 09:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Octoshape
[2006/11/20 15:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Opera
[2011/12/27 10:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\redsn0w
[2009/01/08 14:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Samsung
[2008/08/29 08:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Shareaza
[2008/08/29 08:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Sony
[2008/05/14 08:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\SystemRequirementsLab
[2008/01/23 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Tunebite
[2009/10/23 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Viewpoint
[2010/05/17 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Windows Desktop Search
[2010/05/17 10:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Windows Search
[2011/04/08 10:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\www.adobe.com.Wallaby
[2006/10/15 17:09:33 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
maliprog
Posted 28 June 2012 - 11:54 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Scuffz and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\Shell\AutoRun\command - "" = v0vj.exe
    O33 - MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\Shell\explore\Command - "" = v0vj.exe
    O33 - MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\Shell\open\Command - "" = v0vj.exe
    O33 - MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\Shell - "" = AutoRun
    O33 - MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell - "" = AutoRun
    O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\1\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\2\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\Shell - "" = AutoRun
    O33 - MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Press button named None Posted Image
  • Under the Custom Scan/Fixes box paste this in

/md5start
sw.*
/md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • OTL scan log
  • GMER log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
Scuffz
Posted 29 June 2012 - 03:24 PM

Scuffz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL fix log


All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02f11b62-35b2-11de-9764-001372e78e28}\ not found.
File v0vj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02f11b62-35b2-11de-9764-001372e78e28}\ not found.
File v0vj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02f11b62-35b2-11de-9764-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02f11b62-35b2-11de-9764-001372e78e28}\ not found.
File v0vj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27bf28c7-0833-11de-9731-001372e78e28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27bf28c7-0833-11de-9731-001372e78e28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27bf28c7-0833-11de-9731-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27bf28c7-0833-11de-9731-001372e78e28}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
File E:\.\RECYCLER\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
File E:\.\RECYCLER\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c74b174a-284c-11de-9754-001372e78e28}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e93506df-6954-11dd-9683-001372e78e28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e93506df-6954-11dd-9683-001372e78e28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e93506df-6954-11dd-9683-001372e78e28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e93506df-6954-11dd-9683-001372e78e28}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Angelo Teminel
->Temp folder emptied: 1212907642 bytes
->Temporary Internet Files folder emptied: 144693882 bytes
->Java cache emptied: 50134169 bytes
->FireFox cache emptied: 47688521 bytes
->Google Chrome cache emptied: 313214008 bytes
->Apple Safari cache emptied: 68405248 bytes
->Flash cache emptied: 1550096 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 225930106 bytes

User: TERMINEL

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5337921 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107975413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 115119492 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 973959 bytes
RecycleBin emptied: 87608133 bytes

Total Files Cleaned = 2,271.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06292012_093817

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#4
Scuffz
Posted 29 June 2012 - 03:25 PM

Scuffz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL scan log


OTL logfile created on: 6/29/2012 9:56:52 AM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Angelo Teminel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 76.92% Memory free
4.57 Gb Paging File | 4.04 Gb Available in Paging File | 88.32% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 19.94 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
Drive Z: | 148.96 Gb Total Space | 53.38 Gb Free Space | 35.83% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: Angelo Teminel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 13:47:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo Teminel\My Documents\Downloads\OTL.exe
PRC - [2012/03/19 13:43:23 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2010/06/25 17:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 12:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2010/03/08 15:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/05/16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 09:21:14 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 20:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/19 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/12/19 11:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 11:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/12/19 11:28:14 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/12/19 11:26:12 | 000,157,248 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 02:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/03/18 02:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 02:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 02:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 02:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/01/24 14:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/08 14:08:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/12/11 10:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/02/22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/02/10 09:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2003/10/10 04:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{07707AD2-3260-4A16-BCE5-93955AA85330}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{34EAD579-A1FC-4940-A19B-59676A55E24D}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{44CBDBB7-B240-47D2-8662-9A29ACA13B48}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4C769504-C086-41DB-88C3-6531FF2B500A}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{B0AAA846-9934-4493-A8EB-039CFB383333}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{F41D4A00-18F1-4CCF-B273-9A5C1534D11C}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{F571E193-E5A8-45FE-93DD-6DB2072F5665}: "URL" = http://answers.yahoo...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1D8EAC50-B91F-4255-B46E-ED8CB27D4926}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D8EAC50-B91F-4255-B46E-ED8CB27D4926}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{452C5F0B-DA71-4114-A876-735074860E80}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{4A6FBE74-F087-4F24-8841-1B8FF9463177}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{53530AF5-151D-42CE-9386-7440022848AC}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{57A8191F-9F63-4DD5-9047-03D857362F18}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{853B54D9-1D54-4709-9C09-EBB49A965AB1}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{D538AC72-6D0A-4EFC-99BE-5C167336E18A}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DEF8DD0F-8E3A-4CCF-B22C-E3608B127B02}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {86F0AB8A-C083-4771-9067-4E3644D764CA}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=61005&qkw="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Angelo Teminel\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{86F0AB8A-C083-4771-9067-4E3644D764CA}: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\{86F0AB8A-C083-4771-9067-4E3644D764CA} [2009/03/25 12:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/21 14:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 08:16:44 | 000,000,000 | ---D | M]

[2008/08/26 12:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Extensions
[2012/05/23 15:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Firefox\Profiles\6jylkhvy.default\extensions
[2008/05/29 07:42:42 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Firefox\Profiles\6jylkhvy.default\searchplugins\aim-search.xml
[2008/02/21 14:35:57 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\Firefox\Profiles\6jylkhvy.default\searchplugins\aolsearch.xml
[2012/06/18 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/18 08:16:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/05/23 15:34:34 | 001,335,949 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANGELO TEMINEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6JYLKHVY.DEFAULT\EXTENSIONS\[email protected]
[2012/01/26 17:06:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/27 21:50:08 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2007/10/01 11:20:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/09/22 18:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 17:06:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Angelo Teminel\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Angelo Teminel\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Turner Media Plugin 1.0.0.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Alexa Traffic Rank = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1.1.0_0\
CHR - Extension: Google Search = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: AT_DJTiesto = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2\
CHR - Extension: Gmail = C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/04/29 12:00:19 | 000,305,119 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10530 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1292432002984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C06E97-EEC4-4388-BA41-3ED976E7F868}: NameServer = 4.2.2.1,4.2.2.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ANGELO~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 09:38:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/22 14:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/18 08:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2012/06/15 09:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo Teminel\Application Data\WTablet
[2012/06/15 09:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2012/06/15 09:30:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wacom Tablet
[2012/06/15 09:30:55 | 007,773,040 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2012/06/15 09:30:43 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2012/06/15 09:30:37 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2012/06/15 09:30:27 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2012/06/15 09:30:25 | 005,010,288 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
[2012/06/15 09:30:25 | 000,415,600 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2012/06/15 09:30:25 | 000,294,400 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2012/06/15 09:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet

========== Files - Modified Within 30 Days ==========

[2012/06/29 09:48:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140412741-724039363-3243389656-1006UA.job
[2012/06/29 09:44:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/29 09:43:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/29 09:43:53 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 16:04:24 | 000,033,626 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\united_pantones.gif
[2012/06/28 15:25:22 | 000,053,842 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_ragz_preview_new.jpg
[2012/06/28 15:11:09 | 000,064,414 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_pyro_preview_new.jpg
[2012/06/28 15:06:35 | 000,063,263 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_slim_preview_new.jpg
[2012/06/28 13:48:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140412741-724039363-3243389656-1006Core.job
[2012/06/28 10:33:41 | 000,037,388 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\longboard_natural_decks.jpg
[2012/06/28 09:15:42 | 000,016,804 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2012/06/27 13:43:27 | 000,063,459 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_slim_preview.jpg
[2012/06/27 13:25:23 | 003,619,151 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\kicktail_completes.psd
[2012/06/27 08:19:48 | 000,028,441 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\lion-head.jpg
[2012/06/27 08:15:38 | 000,042,022 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\RoaringLion.jpg
[2012/06/26 15:11:16 | 000,008,179 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\lion.jpg
[2012/06/26 14:05:47 | 000,037,563 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\dropthrough_getaway.jpg
[2012/06/26 09:44:08 | 000,194,226 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\Email_June_2012_lb.jpg
[2012/06/25 14:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/25 10:07:17 | 000,059,739 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\tiedye_rasta_longboard.jpg
[2012/06/22 15:26:46 | 000,244,110 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard_template_all.ai
[2012/06/22 15:21:18 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/22 10:33:08 | 000,038,688 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\alin.jpg
[2012/06/21 17:01:59 | 132,951,937 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\alin.psd
[2012/06/21 16:40:34 | 005,146,034 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\DSC_0003.jpg
[2012/06/21 16:39:38 | 004,993,324 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\DSC_0002.jpg
[2012/06/21 16:38:20 | 005,422,703 | ---- | M] () -- C:\Documents and Settings\Angelo Teminel\Desktop\DSC_0001.jpg
[2012/06/18 08:04:31 | 003,837,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 08:39:43 | 000,581,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 08:39:43 | 000,114,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 08:25:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/06/28 16:04:24 | 000,033,626 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\united_pantones.gif
[2012/06/28 15:25:22 | 000,053,842 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_ragz_preview_new.jpg
[2012/06/28 15:11:09 | 000,064,414 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_pyro_preview_new.jpg
[2012/06/28 15:06:35 | 000,063,263 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_slim_preview_new.jpg
[2012/06/28 10:33:41 | 000,037,388 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\longboard_natural_decks.jpg
[2012/06/28 09:15:40 | 000,016,804 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2012/06/27 13:43:27 | 000,063,459 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\micro_slim_preview.jpg
[2012/06/27 13:25:21 | 003,619,151 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\kicktail_completes.psd
[2012/06/27 08:19:57 | 000,028,441 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\lion-head.jpg
[2012/06/27 08:15:45 | 000,042,022 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\RoaringLion.jpg
[2012/06/26 15:11:23 | 000,008,179 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\lion.jpg
[2012/06/26 14:05:47 | 000,037,563 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\dropthrough_getaway.jpg
[2012/06/26 09:44:08 | 000,194,226 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\Email_June_2012_lb.jpg
[2012/06/25 10:07:17 | 000,059,739 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\tiedye_rasta_longboard.jpg
[2012/06/22 15:23:06 | 000,244,110 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\skateboard_template_all.ai
[2012/06/22 10:33:07 | 000,038,688 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\alin.jpg
[2012/06/21 17:01:50 | 132,951,937 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\alin.psd
[2012/06/21 16:40:34 | 005,146,034 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\DSC_0003.jpg
[2012/06/21 16:39:38 | 004,993,324 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\DSC_0002.jpg
[2012/06/21 16:38:20 | 005,422,703 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Desktop\DSC_0001.jpg
[2012/06/15 09:30:55 | 001,746,986 | ---- | C] () -- C:\WINDOWS\System32\WacomTablet.znc
[2012/04/24 08:09:49 | 000,260,531 | ---- | C] () -- C:\WINDOWS\pdfcvt.dat
[2012/02/15 09:07:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/22 11:05:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/02/09 10:51:33 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

========== LOP Check ==========

[2008/11/21 12:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/07/28 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/12/22 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2008/05/13 10:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2008/01/23 11:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/01/31 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/01/14 11:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2008/08/29 08:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/06/18 10:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/24 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/27 10:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/14 10:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/09 10:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 10:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/03/23 08:56:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
[2006/10/23 11:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\acccore
[2011/04/18 11:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/22 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\DassaultSystemes
[2012/06/22 15:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Dropbox
[2011/12/22 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\EDrawings
[2012/04/18 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\FileZilla
[2007/09/05 10:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\GetRightToGo
[2007/01/12 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Leadertech
[2011/11/28 09:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Octoshape
[2006/11/20 15:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Opera
[2011/12/27 10:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\redsn0w
[2009/01/08 14:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Samsung
[2008/08/29 08:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Shareaza
[2008/08/29 08:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Sony
[2008/05/14 08:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\SystemRequirementsLab
[2008/01/23 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Tunebite
[2009/10/23 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Viewpoint
[2010/05/17 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Windows Desktop Search
[2010/05/17 10:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\Windows Search
[2011/04/08 10:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelo Teminel\Application Data\www.adobe.com.Wallaby
[2006/10/15 17:09:33 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SW.DLL >
[2012/06/07 01:14:27 | 000,008,216 | ---- | M] () MD5=33697FA835829D270C28B3ABE7D4CC5E -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\Locales\sw.dll
[2012/05/22 18:56:34 | 000,008,216 | ---- | M] () MD5=38D090814DA2ABF451A11BA539962455 -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\Locales\sw.dll

< MD5 for: SW.GIF >
[2012/02/13 17:37:47 | 000,000,149 | ---- | M] () MD5=FACF14D8F9C02FFF81DDAE6719BEAE44 -- C:\Documents and Settings\Angelo Teminel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite\CS5\Using\images\sw.gif
[2012/02/13 17:37:33 | 000,000,149 | ---- | M] () MD5=FACF14D8F9C02FFF81DDAE6719BEAE44 -- C:\Documents and Settings\Angelo Teminel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\DeviceCentral\CS5\Using\images\sw.gif
[2012/02/13 17:37:17 | 000,000,149 | ---- | M] () MD5=FACF14D8F9C02FFF81DDAE6719BEAE44 -- C:\Documents and Settings\Angelo Teminel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\Photoshop\CS5\Using\images\sw.gif

< MD5 for: SW.PAK >
[2012/05/22 18:06:23 | 000,158,218 | ---- | M] () MD5=99DB0F0E63CCA2FBABB48F729306ACFF -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\Locales\sw.pak
[2012/06/07 00:23:18 | 000,158,218 | ---- | M] () MD5=99DB0F0E63CCA2FBABB48F729306ACFF -- C:\Documents and Settings\Angelo Teminel\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\Locales\sw.pak

< End of report >
  • 0

#5
Scuffz
Posted 29 June 2012 - 03:26 PM

Scuffz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
GMER log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-29 14:19:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3808110AS rev.3.ADH
Running: uyzn9vh0.exe; Driver: C:\DOCUME~1\ANGELO~1\LOCALS~1\Temp\fxtdypob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile [0xA677E57B]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateKey [0xA677E4FB]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess [0xA677E5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey [0xA677E50F]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey [0xA677E53B]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection [0xA677E5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenKey [0xA677E4E7]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory [0xA677E58F]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey [0xA677E525]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey [0xA677E551]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess [0xA677E567]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection [0xA677E5E5]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution [0xA677E5B9]
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B1C 7 Bytes JMP A677E5BD \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtCreateFile 805790A2 5 Bytes JMP A677E57F \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2042 7 Bytes JMP A677E5D3 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E50 5 Bytes JMP A677E5E9 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B8426 7 Bytes JMP A677E593 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1250 5 Bytes JMP A677E5A9 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D22D8 5 Bytes JMP A677E56B \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwSetValueKey 80622548 7 Bytes JMP A677E555 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRenameKey 806239F8 7 Bytes JMP A677E529 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateKey 80623FD6 5 Bytes JMP A677E4FF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwDeleteKey 80624472 7 Bytes JMP A677E513 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80624642 7 Bytes JMP A677E53F \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwOpenKey 806253B4 5 Bytes JMP A677E4EB \SystemRoot\system32\drivers\mfehidk.sys
? system32\drivers\mfetdik.sys The system cannot find the path specified. !
? C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys The system cannot find the file specified. !
? system32\drivers\mfehidk.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[468] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20089
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F94
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D2006C
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D2005B
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20040
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D200C8
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D200AB
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D20F4A
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D200E3
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D20F39
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20FB9
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D2009A
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D2002F
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FD4
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D20F6F
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10FC3
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D1006C
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FDE
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D1005B
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D1004A
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D1002F
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00047
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00FBC
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D0002C
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00FD7
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00011
.text C:\WINDOWS\system32\services.exe[720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F66
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80065
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80F8B
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80040
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80087
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80076
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F10
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F800B3
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800CE
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F55
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F80098
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F70FC3
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F70F83
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F70040
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F7002F
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F60064
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F60049
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F60FE3
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F60038
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F60011
.text C:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F66
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0F77
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0F94
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF0F35
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF007D
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F06
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF009F
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0EEB
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF006C
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF008E
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0FA1
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0054
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FE0FB2
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 89]
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0033
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0011
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0022
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F43
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F68
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80F79
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80F8A
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FB6
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F32
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B8006E
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B800B7
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B8009C
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B800C8
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80FA5
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80053
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B8008B
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FC3
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B7006F
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70054
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B70039
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70FA8
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60055
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60033
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60044
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F77
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00F88
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D0006C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00FDB
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F4B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D00087
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000D3
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00F30
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F15
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FCA
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00011
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D00F5C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00047
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D0002C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D000AE
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF004A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0FD4
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0F83
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0F9E
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE003D
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0022
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FD7
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0FBC
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0011
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD000A
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0303000A
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03030F92
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0303007D
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0303006C
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03030FAF
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03030FCA
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03030F75
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 030300BD
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03030F49
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 030300E2
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03030F2E
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03030051
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0303001B
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 030300AC
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03030036
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03030FE5
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03030F64
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02D40040
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02D40FA8
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02D40025
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02D40FEF
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02D40FC3
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02D4000A
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02D40FD4
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F4, 8A]
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02D4005B
.text C:\WINDOWS\System32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02D3003F
.text C:\WINDOWS\System32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 02D30FBE
.text C:\WINDOWS\System32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02D30FD9
.text C:\WINDOWS\System32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02D3000C
.text C:\WINDOWS\System32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02D3002E
.text C:\WINDOWS\System32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02D3001D
.text C:\WINDOWS\System32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D20000
.text C:\WINDOWS\System32\svchost.exe[1112] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 02C10FEF
.text C:\WINDOWS\System32\svchost.exe[1112] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 02C10FDE
.text C:\WINDOWS\System32\svchost.exe[1112] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 02C10014
.text C:\WINDOWS\System32\svchost.exe[1112] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 02C10FCD
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0065009D
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650082
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006500D5
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F83
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500F0
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F57
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650101
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006500AE
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F72
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0064004A
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640014
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640F83
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FA6
.text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FC1
.text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F7E
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00069
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00F9B
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00058
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FC7
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F41
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F5C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00F04
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F15
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000B8
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00FB6
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00011
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00F6D
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A0003D
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00022
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F30
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FDE
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0051
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0040
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0042
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FB7
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FE3
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FC8
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0065
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F66
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED004A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F8D
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED002F
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00A4
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0093
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00E1
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00C6
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED0F2D
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0FA8
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0076
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED00B5
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC002C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0084
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FDB
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0011
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0069
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EC0058
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0047
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0051
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0040
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FC6
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FE3
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE00A2
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0091
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0076
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F5A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F6B
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE00D5
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00C4
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00F0
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F88
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00B3
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093002C
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930FAC
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930069
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930058
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930047
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F9C
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920027
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC8
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FB7
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00900011
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00900036
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A80000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01A80087
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01A80F88
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01A80FA5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01A80058
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01A80FC0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01A80F5A
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01A800A2
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01A80F2E
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01A80F3F
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01A800E2
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01A8003D
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A80011
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01A80F77
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01A80FD1
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01A80022
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01A800BD
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01A60F9F
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] msvcrt.dll!system 77C293C7 5 Bytes JMP 01A60FB0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01A6000C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01A60FE3
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01A60FC1
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01A60FD2
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01A7002F
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01A70F9E
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01A70FD4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01A70FE5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01A7005B
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01A70000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01A70FB9
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C7, 89]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01A70040
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A50FEF
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01720FE5
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0172006C
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01720051
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01720040
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0172002F
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01720FA8
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01720F3A
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01720F4B
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017200A7
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01720F04
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01720EF3
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01720F97
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01720000
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01720F5C
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01720FB9
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01720FD4
.text C:\WINDOWS\Explorer.EXE[2540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01720F1F
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01710FB9
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01710F72
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01710FCA
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01710FDB
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01710F8D
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01710000
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01710025
.text C:\WINDOWS\Explorer.EXE[2540] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01710F9E
.text C:\WINDOWS\Explorer.EXE[2540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01700027
.text C:\WINDOWS\Explorer.EXE[2540] msvcrt.dll!system 77C293C7 5 Bytes JMP 01700016
.text C:\WINDOWS\Explorer.EXE[2540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01700FB7
.text C:\WINDOWS\Explorer.EXE[2540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01700FEF
.text C:\WINDOWS\Explorer.EXE[2540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01700FA6
.text C:\WINDOWS\Explorer.EXE[2540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01700FD2
.text C:\WINDOWS\Explorer.EXE[2540] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 012C0FE5
.text C:\WINDOWS\Explorer.EXE[2540] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 012C0FCA
.text C:\WINDOWS\Explorer.EXE[2540] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 012C0FB9
.text C:\WINDOWS\Explorer.EXE[2540] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 012C0F9E
.text C:\WINDOWS\Explorer.EXE[2540] ws2_32.dll!socket 71AB4211 5 Bytes JMP 016F000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys

Device \FileSystem\Fastfat \Fat A5FF2D20
Device \FileSystem\Fastfat \Fat A6002428

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2540] 0x14490000

---- EOF - GMER 1.0.15 ----
  • 0

#6
maliprog
Posted 01 July 2012 - 01:42 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Sorry for delay. I'm not able to review your logs right now. I'll reply tomorrow with new set of instructions. Please bare with me.
  • 0

#7
maliprog
Posted 01 July 2012 - 11:14 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Scuffz,

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#8
Scuffz
Posted 02 July 2012 - 02:07 PM

Scuffz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here's the results from the scan. I'm gonna paste the results in here just in case you prefer not to open attachments.


Status: Disinfected (events: 4)
7/2/2012 11:35:56 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Jerry Ramirez][Subject:Fw: find a copy of the letter][Time:2010/09/16 08:03:00]/copy of the letter.html High
7/2/2012 11:41:06 AM Disinfected Trojan program Trojan.Win32.Gamarue.fn Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Angelo Terminel][Subject:Yocaher Skateboards: FW: Your Order#4028180][Time:2012/01/16 09:20:51]/Ticket.zip High
7/2/2012 11:41:06 AM Disinfected Trojan program Trojan.Win32.Gamarue.fn Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Angelo Terminel][Subject:Yocaher Skateboards: FW: Your Order#4028180][Time:2012/01/16 09:20:51]/Ticket.zip/Ticket.exe High
7/2/2012 11:45:07 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic Main Identity\Local Folders\Sent Items\[From:"Jerry Ramirez" <[email protected]>][Subject:Fw: find a copy of the letter][Time:2010/09/16 08:03:00]/copy of the letter.html High
  • 0

#9
maliprog
Posted 03 July 2012 - 12:26 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Scuffz,

I don't see any malware on your system. Your logs and system are clean now.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#10
Scuffz
Posted 05 July 2012 - 09:32 AM

Scuffz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you for your help maliprog, everything seems to be working more smoothly now. I really appreciate your help in this matter. :)
  • 0

#11
maliprog
Posted 05 July 2012 - 01:49 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that.

Goodbye and stay safe :thumbsup:
  • 0

#12
maliprog
Posted 05 July 2012 - 01:49 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP