
Unable to update McAfee, Google redirection

This topic is locked

#1 Beagle Pup (Member, 28 posts)

The problem started about 2 months ago. A friend wanted a link to the Hotmail set-up page; I found this on Google and sent it to him. Immediately after sending this link, a spoof anti-virus program automatically loaded itself and started running, warning me to accept the program or otherwise the computer would be infected. I didn't accept the program but tried to scan with McAfee; the scan wouldn't complete, with the computer re-booting itself around 5 minutes into the scan. At that stage, I couldn't get any internet access.

Another friend found the rogue program in Startup and managed to remove it (unfortunately I do not have details of this) and suggested I download Ad-Aware and Malwarebytes Anti-Malware and scan the system with them. I have done this and both programs have removed a large number of Trojans, etc.

I can now get internet access, but I still cannot update McAfee, and Google continues to redirect to unwanted websites. I have tried to reinstall McAfee, but the program senses that it does not have internet access and fails to install. I have reinstalled IE8, but this doesn't make any difference to McAfee, nor to the Google redirection. I have also tried to install Google Chrome, but this hangs and fails to run.

Here are the details of the OTL log:

OTL logfile created on: 31/10/2010 11:34:00 - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\NIGEL\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 240.41 Gb Free Space | 51.62% Space Free | Partition Type: NTFS
Drive J: | 1.85 Gb Total Space | 1.70 Gb Free Space | 91.59% Space Free | Partition Type: FAT

Computer Name: PCSPECIALIST | User Name: NIGEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 15:04:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NIGEL\Desktop\OTL.exe
PRC - [2010/10/19 16:16:30 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/19 16:16:30 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/08/24 13:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/06/24 21:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/27 16:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/06 13:49:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/19 09:12:38 | 000,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
PRC - [2008/09/19 03:59:00 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 16:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/30 08:32:22 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2007/06/29 16:56:06 | 000,278,528 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
PRC - [2007/06/29 16:53:34 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 19:04:42 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1211986260\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/26 00:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1211986260\ee\aolsoftware.exe
PRC - [2006/09/26 00:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- c:\Program Files\Common Files\AOL\1211986260\ee\aolsoftware.exe
PRC - [2004/06/22 13:03:30 | 000,156,784 | -H-- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aoltray.exe
PRC - [2004/01/28 08:19:52 | 000,098,304 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\SaiSmart.exe


========== Modules (SafeList) ==========

MOD - [2010/10/28 15:04:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NIGEL\Desktop\OTL.exe
MOD - [2008/09/19 03:59:08 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2006/08/25 07:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (DTSRVC)
SRV - [2010/10/19 16:16:30 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/24 13:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/28 16:13:42 | 000,820,488 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\WINDOWS\Temp\0126371281191039mcinst.exe -- (0126371281191039mcinstcleanup) McAfee Application Installer Cleanup (0126371281191039)
SRV - [2010/04/27 16:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/15 08:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/24 17:10:40 | 000,229,688 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/06/20 20:28:05 | 000,069,632 | ---- | M] (Just Flight Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe -- (Just Flight Limited License Service)
SRV - [2009/05/23 14:49:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NIGEL\LOCALS~1\Temp\nenum13E.sys -- (nenum13E)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 13:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 13:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/12 12:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 12:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/04/27 16:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 16:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 16:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 16:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 16:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 16:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 16:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/01/24 17:09:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/10/13 18:26:10 | 004,879,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/24 03:09:07 | 003,331,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/26 11:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/17 21:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/12/17 17:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/06/12 10:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/06/04 17:25:14 | 000,016,048 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/06/04 17:25:12 | 000,162,096 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2007/03/15 14:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/28 15:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/02/17 11:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 11:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/01/30 13:29:37 | 000,055,808 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2004/01/28 08:09:36 | 000,026,624 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiNtBus)
DRV - [2004/01/28 08:09:34 | 000,015,232 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2003/01/10 21:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/06 13:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/31 11:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A}: C:\Documents and Settings\NIGEL\Local Settings\Application Data\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A} [2010/09/11 14:17:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{47CAE5D7-4D78-4077-AFF2-9340A5C27673}: C:\Documents and Settings\JEAN\Local Settings\Application Data\{47CAE5D7-4D78-4077-AFF2-9340A5C27673} [2010/09/29 14:24:15 | 000,000,000 | ---D | M]

[2010/10/05 16:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100520202144.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBHO Object) - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll (CoreStreet, Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TO-Search-Engine Toolbar) - {3B419EE1-1FA8-47B9-9AEC-6B60AC2E3FCA} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211986260\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
O4 - HKLM..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1227803755421 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223674062078 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\NIGEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NIGEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/30 13:11:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 15:56:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/28 16:03:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NIGEL\Recent
[2010/10/28 15:19:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NIGEL\Desktop\OTL.exe
[2010/10/19 16:16:40 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/05 15:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NIGEL\Application Data\Malwarebytes
[2010/10/05 15:48:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/05 15:48:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/05 15:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/05 15:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/18 11:21:09 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2009/08/18 11:21:09 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2009/08/18 11:21:09 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[140 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[132 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 11:29:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/31 11:26:53 | 000,436,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 11:26:53 | 000,068,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/31 11:23:47 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/10/31 11:23:47 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9B3A1E6-7A73-4E80-8E3F-13AC2AFCDC3B}.job
[2010/10/31 11:23:45 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2689334666-3409229528-900351719-1005.job
[2010/10/31 11:23:31 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2689334666-3409229528-900351719-1005.job
[2010/10/31 11:22:38 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/31 11:22:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2689334666-3409229528-900351719-1006.job
[2010/10/31 11:22:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2689334666-3409229528-900351719-1007.job
[2010/10/31 11:22:11 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\kbujo.job
[2010/10/31 11:22:04 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/31 11:21:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 11:21:53 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/10/29 17:06:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 16:04:41 | 000,004,470 | ---- | M] () -- C:\Documents and Settings\NIGEL\My Documents\cc_20101028_170437.reg
[2010/10/28 16:02:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/28 15:04:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NIGEL\Desktop\OTL.exe
[2010/10/26 15:20:44 | 003,886,890 | ---- | M] () -- C:\Documents and Settings\NIGEL\Desktop\ComboFix.exe
[2010/10/19 17:22:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/19 16:16:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/19 16:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fyecoqibuzixu.bin
[2010/10/05 21:23:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cwoneyeyogomusi.dat
[2010/10/05 19:03:38 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/05 17:23:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 16:55:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/05 16:45:24 | 000,001,400 | ---- | M] () -- C:\Documents and Settings\NIGEL\My Documents\cc_20101005_174521.reg
[2010/10/05 15:48:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 13:52:09 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\NIGEL\GoToAssistDownloadHelper.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[140 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[132 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 16:04:40 | 000,004,470 | ---- | C] () -- C:\Documents and Settings\NIGEL\My Documents\cc_20101028_170437.reg
[2010/10/28 16:02:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/28 15:19:06 | 003,886,890 | ---- | C] () -- C:\Documents and Settings\NIGEL\Desktop\ComboFix.exe
[2010/10/19 17:22:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/05 19:03:38 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/05 16:45:23 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\NIGEL\My Documents\cc_20101005_174521.reg
[2010/10/05 15:48:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 14:32:31 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/10/01 14:27:38 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/11 14:17:06 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\umpnpmgri.dll
[2010/01/14 22:40:51 | 000,000,710 | ---- | C] () -- C:\WINDOWS\winzip.ini
[2009/09/22 20:48:44 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/09/16 11:06:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/18 11:21:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2009/08/18 11:21:12 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2009/08/18 11:21:10 | 000,302,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2009/03/07 16:54:02 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\NIGEL\Application Data\Poladroid prefs.plist
[2008/12/23 16:12:19 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/23 16:12:19 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/23 16:12:17 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/23 16:12:17 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/11/25 17:04:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/09/24 16:06:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\GaugeSound.dll
[2008/07/12 20:04:58 | 000,001,315 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2008/07/12 20:04:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2008/07/12 19:48:54 | 000,081,262 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2008/06/12 20:16:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/06/04 13:49:01 | 000,000,329 | ---- | C] () -- C:\WINDOWS\AIsmooth12.INI
[2008/05/29 20:28:37 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/05/29 16:24:06 | 000,000,242 | ---- | C] () -- C:\WINDOWS\RFP.ini
[2008/05/29 16:11:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 15:48:25 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/05/28 15:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2008/05/28 15:46:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2008/05/28 15:46:44 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/05/28 15:28:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SAICFG.dll
[2008/05/28 15:23:17 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\NIGEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/28 15:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/05/28 15:05:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2008/04/30 15:23:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/30 15:03:24 | 000,000,324 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/04/30 13:55:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/30 13:40:18 | 000,000,980 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/30 13:35:18 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/04/30 13:35:18 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/04/30 13:35:02 | 000,015,121 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/30 13:35:02 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/30 13:34:49 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/06/20 18:39:26 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\flt1chk3.dll
[2004/03/15 09:15:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\VBPNG.DLL
[2004/02/26 19:32:57 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\flt1chk2.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/19 19:04:56 | 003,050,298 | ---- | C] () -- C:\WINDOWS\System32\PDFREPORT_XP.dll
[2002/03/13 22:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2008/05/28 15:05:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/07/28 19:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaptainSim
[2009/03/08 19:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/09/16 13:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/08/25 13:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2009/02/18 00:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/05/06 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/12/18 17:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Just Flight Limited
[2010/10/31 11:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/05 11:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/09/20 10:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/11/01 16:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/11/29 16:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/02 18:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/18 19:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/11/29 19:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/28 14:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/06 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/08/08 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/15 19:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/05/01 07:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/09/30 19:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/08 22:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/23 13:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/09/30 19:31:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/11 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\6D6BB2EC3A983389B3BD4A921A87D2FA
[2008/07/06 10:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Canon
[2008/08/31 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\DisplayTune
[2009/05/06 13:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\eBay
[2010/10/05 20:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Esiv
[2009/04/14 18:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Flight1
[2009/08/06 14:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\GetRight
[2009/08/06 14:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\GrabPro
[2010/10/19 16:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Iccyf
[2010/01/26 12:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Noul
[2008/06/04 09:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\OfficeUpdate12
[2009/08/06 15:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Orbit
[2008/11/01 16:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\ParetoLogic
[2008/12/28 21:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\sfp40
[2008/10/10 22:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\Uniblue
[2008/11/12 23:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NIGEL\Application Data\WinPatrol
[2010/10/31 11:29:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/31 11:22:11 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\kbujo.job
[2009/11/15 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/06/01 00:00:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/03/21 01:28:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update.job
[2010/10/31 11:23:47 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9B3A1E6-7A73-4E80-8E3F-13AC2AFCDC3B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B04546

< End of report >

Any ideas please?
  • 0


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message to me on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (DTSRVC)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [140 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [132 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2010/10/31 11:22:11 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\kbujo.job
    [2010/10/19 16:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fyecoqibuzixu.bin
    [2010/10/05 21:23:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cwoneyeyogomusi.dat
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [140 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [132 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2010/10/31 11:22:11 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\kbujo.job
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.



NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  • Double-click on RKUnhookerLE.exe to execute it.
    Vista - W7 users: Right click RKUnhookerLE.exe, choose "Run As Administrator" to execute it. If UAC prompts, please allow it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest, then click OK. (See image below...)
    [screenshot of the Rootkit Unhooker report options dialog, not reproduced]
    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  • When the scanner is finished... click File, Save Report.
  • Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  • Copy the entire contents of the Report.txt file in your next reply.

Please Note:
You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

  • 0
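The OTL fix above targets four kinds of entry that an analyst picks out of a log like this by eye: an Internet Explorer proxy pointed at the loopback address (a classic way to rewrite search results locally), a scheduled task carrying hidden+system attributes, tiny unsigned files with random-looking names dropped directly under C:\WINDOWS, and an alternate data stream. As an added triage aid, not part of this thread or of OTL itself, the following Python script parses lines in OTL's file-list format and applies those heuristics; the regexes and thresholds are my own assumptions about the format, and the sample lines are copied from the log earlier in the thread plus one constructed benign proxy line.

```python
import re

# Shape of OTL's file/folder lines, as seen throughout the log above:
#   [yyyy/mm/dd hh:mm:ss | 000,000,312 | -HS- | M] (Company) -- C:\path
# The pattern is an assumption about the format, derived from the log text.
OTL_FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# IE proxy line:  IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
PROXY_RE = re.compile(r'"ProxyServer" = (?P<value>\S+)')
# Alternate data stream line:  @Alternate Data Stream - 129 bytes -> C:\path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

LOOPBACK_PREFIXES = ("127.", "localhost")
TINY_FILE_BYTES = 1024  # assumed threshold for "tiny" dropped data files


def parse_size(text: str) -> int:
    """OTL prints sizes as zero-padded, comma-grouped decimals (000,000,312)."""
    return int(text.replace(",", ""))


def analyze_otl(lines):
    """Return (reason, item) pairs for lines that match one of the heuristics."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = OTL_FILE_RE.match(line)
        if m:
            attrs, path, company = m["attrs"], m["path"], m["company"]
            size = parse_size(m["size"])
            low = path.lower()
            parent, _, name = low.rpartition("\\")
            # Legitimate scheduler jobs are not hidden+system; the fix removed one that was.
            if name.endswith(".job") and "H" in attrs and "S" in attrs:
                findings.append(("hidden+system scheduled task", path))
            # Unsigned .bin/.dat files of a few bytes directly under C:\WINDOWS
            # match the dropped files the fix removed.
            elif (parent == "c:\\windows" and not company
                  and name.endswith((".bin", ".dat")) and size < TINY_FILE_BYTES):
                findings.append(("tiny unsigned data file in Windows root", path))
            continue

        m = PROXY_RE.search(line)
        if m:
            value = m["value"]
            # Value may be "http=host:port" or plain "host:port".
            host = value.split("=", 1)[-1].split(":", 1)[0]
            if host.startswith(LOOPBACK_PREFIXES):
                findings.append(("IE proxy points at loopback", value))
            continue

        m = ADS_RE.match(line)
        if m:
            findings.append(("alternate data stream", m["path"]))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus one
# constructed benign proxy line (proxy.example.internal) as a negative case.
SAMPLE_LOG = [
    r"[2010/10/31 11:22:11 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\kbujo.job",
    r"[2010/10/31 11:22:04 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl",
    r"[2010/10/29 17:06:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job",
    r"[2010/10/19 16:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fyecoqibuzixu.bin",
    r"[2010/10/05 21:23:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cwoneyeyogomusi.dat",
    r"[2010/10/05 16:55:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092',
    r'IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:8080',
    r"@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B04546",
]

if __name__ == "__main__":
    for reason, item in analyze_otl(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

The heuristics are deliberately narrow: they reproduce what the fix script above acted on, so a match means "look closer", not "malicious". The benign entries in the sample (wpa.dbl, the Google updater job, boot.ini with its normal RHS attributes, the non-loopback proxy) fall through without a finding.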

#3
Beagle Pup

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi Sweet Tech

Many thanks for looking at this.

The results for OTL and MBR are pasted below. I am doing the Rootkit Unhooker Scan and will let you have this shortly.


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service DTSRVC stopped successfully!
Service DTSRVC deleted successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV5121700.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV5121700.TMP folder deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\cnm581.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1E.tmp deleted successfully.
C:\WINDOWS\System32\SET1EB.tmp deleted successfully.
C:\WINDOWS\System32\SET1F.tmp deleted successfully.
C:\WINDOWS\System32\SET20.tmp deleted successfully.
C:\WINDOWS\System32\SET21.tmp deleted successfully.
C:\WINDOWS\System32\SET22.tmp deleted successfully.
C:\WINDOWS\System32\SET23.tmp deleted successfully.
C:\WINDOWS\System32\SET24.tmp deleted successfully.
C:\WINDOWS\System32\SET25.tmp deleted successfully.
C:\WINDOWS\System32\SET26.tmp deleted successfully.
C:\WINDOWS\System32\SET27.tmp deleted successfully.
C:\WINDOWS\System32\SET28.tmp deleted successfully.
C:\WINDOWS\System32\SET29.tmp deleted successfully.
C:\WINDOWS\System32\SET2A.tmp deleted successfully.
C:\WINDOWS\System32\SET2B.tmp deleted successfully.
C:\WINDOWS\System32\SET2C.tmp deleted successfully.
C:\WINDOWS\System32\SET2D.tmp deleted successfully.
C:\WINDOWS\System32\SET2E.tmp deleted successfully.
C:\WINDOWS\System32\SET2F.tmp deleted successfully.
C:\WINDOWS\System32\SET30.tmp deleted successfully.
C:\WINDOWS\System32\SET31.tmp deleted successfully.
C:\WINDOWS\System32\SET32.tmp deleted successfully.
C:\WINDOWS\System32\SET33.tmp deleted successfully.
C:\WINDOWS\System32\SET34.tmp deleted successfully.
C:\WINDOWS\System32\SET35.tmp deleted successfully.
C:\WINDOWS\System32\SET36.tmp deleted successfully.
C:\WINDOWS\System32\SET37.tmp deleted successfully.
C:\WINDOWS\System32\SET38.tmp deleted successfully.
C:\WINDOWS\System32\SET39.tmp deleted successfully.
C:\WINDOWS\System32\SET3A.tmp deleted successfully.
C:\WINDOWS\System32\SET3B.tmp deleted successfully.
C:\WINDOWS\System32\SET3C.tmp deleted successfully.
C:\WINDOWS\System32\SET3D.tmp deleted successfully.
C:\WINDOWS\System32\SET3E.tmp deleted successfully.
C:\WINDOWS\System32\SET3F.tmp deleted successfully.
C:\WINDOWS\System32\SET40.tmp deleted successfully.
C:\WINDOWS\System32\SET41.tmp deleted successfully.
C:\WINDOWS\System32\SET42.tmp deleted successfully.
C:\WINDOWS\System32\SET42B.tmp deleted successfully.
C:\WINDOWS\System32\SET42C.tmp deleted successfully.
C:\WINDOWS\System32\SET42D.tmp deleted successfully.
C:\WINDOWS\System32\SET42E.tmp deleted successfully.
C:\WINDOWS\System32\SET42F.tmp deleted successfully.
C:\WINDOWS\System32\SET43.tmp deleted successfully.
C:\WINDOWS\System32\SET430.tmp deleted successfully.
C:\WINDOWS\System32\SET431.tmp deleted successfully.
C:\WINDOWS\System32\SET432.tmp deleted successfully.
C:\WINDOWS\System32\SET433.tmp deleted successfully.
C:\WINDOWS\System32\SET434.tmp deleted successfully.
C:\WINDOWS\System32\SET435.tmp deleted successfully.
C:\WINDOWS\System32\SET436.tmp deleted successfully.
C:\WINDOWS\System32\SET437.tmp deleted successfully.
C:\WINDOWS\System32\SET438.tmp deleted successfully.
C:\WINDOWS\System32\SET439.tmp deleted successfully.
C:\WINDOWS\System32\SET43A.tmp deleted successfully.
C:\WINDOWS\System32\SET43B.tmp deleted successfully.
C:\WINDOWS\System32\SET43C.tmp deleted successfully.
C:\WINDOWS\System32\SET43D.tmp deleted successfully.
C:\WINDOWS\System32\SET43E.tmp deleted successfully.
C:\WINDOWS\System32\SET43F.tmp deleted successfully.
C:\WINDOWS\System32\SET44.tmp deleted successfully.
C:\WINDOWS\System32\SET440.tmp deleted successfully.
C:\WINDOWS\System32\SET441.tmp deleted successfully.
C:\WINDOWS\System32\SET442.tmp deleted successfully.
C:\WINDOWS\System32\SET443.tmp deleted successfully.
C:\WINDOWS\System32\SET444.tmp deleted successfully.
C:\WINDOWS\System32\SET445.tmp deleted successfully.
C:\WINDOWS\System32\SET446.tmp deleted successfully.
C:\WINDOWS\System32\SET447.tmp deleted successfully.
C:\WINDOWS\System32\SET448.tmp deleted successfully.
C:\WINDOWS\System32\SET449.tmp deleted successfully.
C:\WINDOWS\System32\SET44A.tmp deleted successfully.
C:\WINDOWS\System32\SET44B.tmp deleted successfully.
C:\WINDOWS\System32\SET44C.tmp deleted successfully.
C:\WINDOWS\System32\SET44D.tmp deleted successfully.
C:\WINDOWS\System32\SET44E.tmp deleted successfully.
C:\WINDOWS\System32\SET44F.tmp deleted successfully.
C:\WINDOWS\System32\SET45.tmp deleted successfully.
C:\WINDOWS\System32\SET450.tmp deleted successfully.
C:\WINDOWS\System32\SET451.tmp deleted successfully.
C:\WINDOWS\System32\SET452.tmp deleted successfully.
C:\WINDOWS\System32\SET453.tmp deleted successfully.
C:\WINDOWS\System32\SET454.tmp deleted successfully.
C:\WINDOWS\System32\SET455.tmp deleted successfully.
C:\WINDOWS\System32\SET456.tmp deleted successfully.
C:\WINDOWS\System32\SET457.tmp deleted successfully.
C:\WINDOWS\System32\SET46.tmp deleted successfully.
C:\WINDOWS\System32\SET47.tmp deleted successfully.
C:\WINDOWS\System32\SET48.tmp deleted successfully.
C:\WINDOWS\System32\SET49.tmp deleted successfully.
C:\WINDOWS\System32\SET4A.tmp deleted successfully.
C:\WINDOWS\System32\SET97.tmp deleted successfully.
C:\WINDOWS\System32\SET98.tmp deleted successfully.
C:\WINDOWS\System32\SET99.tmp deleted successfully.
C:\WINDOWS\System32\SET9A.tmp deleted successfully.
C:\WINDOWS\System32\SET9B.tmp deleted successfully.
C:\WINDOWS\System32\SET9C.tmp deleted successfully.
C:\WINDOWS\System32\SET9D.tmp deleted successfully.
C:\WINDOWS\System32\SET9E.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\SETA0.tmp deleted successfully.
C:\WINDOWS\System32\SETA1.tmp deleted successfully.
C:\WINDOWS\System32\SETA2.tmp deleted successfully.
C:\WINDOWS\System32\SETA3.tmp deleted successfully.
C:\WINDOWS\System32\SETA4.tmp deleted successfully.
C:\WINDOWS\System32\SETA5.tmp deleted successfully.
C:\WINDOWS\System32\SETA6.tmp deleted successfully.
C:\WINDOWS\System32\SETA7.tmp deleted successfully.
C:\WINDOWS\System32\SETA8.tmp deleted successfully.
C:\WINDOWS\System32\SETA9.tmp deleted successfully.
C:\WINDOWS\System32\SETAA.tmp deleted successfully.
C:\WINDOWS\System32\SETAB.tmp deleted successfully.
C:\WINDOWS\System32\SETAC.tmp deleted successfully.
C:\WINDOWS\System32\SETAD.tmp deleted successfully.
C:\WINDOWS\System32\SETAE.tmp deleted successfully.
C:\WINDOWS\System32\SETAF.tmp deleted successfully.
C:\WINDOWS\System32\SETB0.tmp deleted successfully.
C:\WINDOWS\System32\SETB1.tmp deleted successfully.
C:\WINDOWS\System32\SETB2.tmp deleted successfully.
C:\WINDOWS\System32\SETB3.tmp deleted successfully.
C:\WINDOWS\System32\SETB4.tmp deleted successfully.
C:\WINDOWS\System32\SETB5.tmp deleted successfully.
C:\WINDOWS\System32\SETB6.tmp deleted successfully.
C:\WINDOWS\System32\SETB7.tmp deleted successfully.
C:\WINDOWS\System32\SETB8.tmp deleted successfully.
C:\WINDOWS\System32\SETB9.tmp deleted successfully.
C:\WINDOWS\System32\SETBA.tmp deleted successfully.
C:\WINDOWS\System32\SETBB.tmp deleted successfully.
C:\WINDOWS\System32\SETBC.tmp deleted successfully.
C:\WINDOWS\System32\SETBD.tmp deleted successfully.
C:\WINDOWS\System32\SETBE.tmp deleted successfully.
C:\WINDOWS\System32\SETBF.tmp deleted successfully.
C:\WINDOWS\System32\SETC0.tmp deleted successfully.
C:\WINDOWS\System32\SETC1.tmp deleted successfully.
C:\WINDOWS\System32\SETC2.tmp deleted successfully.
C:\WINDOWS\System32\SETC3.tmp deleted successfully.
C:\WINDOWS\System32\tmp10A.tmp deleted successfully.
C:\WINDOWS\System32\tmp10B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET458.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET459.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET45A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET45B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET45C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET45D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET45E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET45F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET460.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET461.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET462.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET463.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET464.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET466.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET467.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET468.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET469.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET470.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET471.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET472.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET473.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET474.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET475.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET476.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET477.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET478.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET479.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET480.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET481.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET482.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET483.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET484.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET50.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET51.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET52.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET53.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET54.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET55.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET56.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET57.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET59.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET60.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET61.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET62.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET63.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET64.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET65.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET66.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET67.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET68.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET69.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET70.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET71.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET72.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET73.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET74.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET75.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET76.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET77.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETC4.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETC5.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETC6.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETC7.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETC8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETC9.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETCA.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETCB.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETCC.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETCD.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETCE.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETCF.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD0.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD2.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD3.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD4.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD5.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD6.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD7.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETD9.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETDA.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETDB.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETDC.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETDD.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETDE.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETDF.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE0.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE1.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE2.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE3.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE4.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE5.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE6.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE7.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETE9.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETEA.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETEB.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETEC.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETED.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETEE.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETEF.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETF0.tmp deleted successfully.
C:\WINDOWS\tasks\kbujo.job moved successfully.
C:\WINDOWS\Fyecoqibuzixu.bin moved successfully.
C:\WINDOWS\Cwoneyeyogomusi.dat moved successfully.
File C:\WINDOWS\Tasks\kbujo.job not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\NIGEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NIGEL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes
->Flash cache emptied: 41661 bytes

User: Guest
->Temp folder emptied: 984777 bytes
->Temporary Internet Files folder emptied: 5249289 bytes
->Flash cache emptied: 42095 bytes

User: JEAN
->Temp folder emptied: 1386971 bytes
->Temporary Internet Files folder emptied: 173449797 bytes
->Java cache emptied: 13442791 bytes
->Flash cache emptied: 14055 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 379330 bytes
->Flash cache emptied: 19920 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19872659 bytes
->Java cache emptied: 19534 bytes
->Flash cache emptied: 988 bytes

User: NIGEL
->Temp folder emptied: 14423179 bytes
->Temporary Internet Files folder emptied: 6506376 bytes
->Java cache emptied: 4271 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 44116 bytes

User: ROSALIND

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 836872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 52584996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 638408 bytes
RecycleBin emptied: 83918 bytes

Total Files Cleaned = 278.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: JEAN
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: NIGEL
->Flash cache emptied: 0 bytes

User: ROSALIND

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11012010_180750

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NIGEL\Local Settings\Temp\Temporary Directory 5 for sfury206(Sea Fury 3).zip\SEA_FURY_FB11_UPDATE_V2.06\Add contents to Gauges Folder if you DONT have RCBCO-20 already installed\Gauges\rcb-miljet\Documentation COP V2.0\Adding Catapult or Arrester zones not found!
File\Folder C:\Documents and Settings\NIGEL\Local Settings\Temp\Temporary Directory 4 for sfury206(Sea Fury 3).zip\SEA_FURY_FB11_UPDATE_V2.06\Add contents to Gauges Folder if you DONT have RCBCO-20 already installed\Gauges\rcb-miljet\Documentation COP V2.0\Adding Catapult or Arrester zones not found!

Registry entries deleted on Reboot...

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltMgr.sys
0xB9EFF000 sr.sys
0xB9EA2000 mfehidk.sys
0xBA118000 Lbd.sys
0xB9E8B000 KSecDD.sys
0xB9DFE000 Ntfs.sys
0xB9DD1000 NDIS.sys
0xB9DB6000 Mup.sys
0xBA188000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9857000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9843000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB981E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA380000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB97FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA558000 \SystemRoot\System32\Drivers\CLBStor.SYS
0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB97D8000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\atl01_xp.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA5B0000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA736000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9724000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA578000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB96E5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB96D4000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA238000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB96B0000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB963D000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA420000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA428000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xB9D7E000 \SystemRoot\System32\Drivers\PdiPorts.sys
0xBA248000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA430000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA438000 \SystemRoot\system32\drivers\SaiNtBus.sys
0xBA5B8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB95E4000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA55C000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0xBA268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9720000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB971C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAD178000 \SystemRoot\system32\drivers\RtHDMI.sys
0xAD156000 \SystemRoot\system32\drivers\portcls.sys
0xBA298000 \SystemRoot\system32\drivers\drmk.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xACC85000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xBA498000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xACBE2000 \SystemRoot\system32\DRIVERS\MOBK.sys
0xBA5D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7C5000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA398000 \SystemRoot\System32\drivers\vga.sys
0xBA5DE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3B0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3D0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9690000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xACBAF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xACB57000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xACB36000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xACB0F000 \SystemRoot\System32\Drivers\Mpfp.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB95DC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xACABF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xACA9D000 \SystemRoot\System32\drivers\afd.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xACA72000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xACA03000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2E8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA7EE000 \SystemRoot\System32\Drivers\BANTExt.sys
0xBA5E8000 \SystemRoot\system32\drivers\AsIO.sys
0xBA308000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA318000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB97C8000 \SystemRoot\system32\DRIVERS\SaiH0464.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB97B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xACC05000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA480000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7F5000 \SystemRoot\System32\drivers\dxgthk.sys
0xACB0B000 \SystemRoot\System32\DRIVERS\pdiddcci.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF062000 \SystemRoot\System32\ati2cqag.dll
0xBF0EE000 \SystemRoot\System32\atikvmag.dll
0xBF15B000 \SystemRoot\System32\atiok3x2.dll
0xBF19E000 \SystemRoot\System32\ati3duag.dll
0xBF571000 \SystemRoot\System32\ativvaxx.dll
0xAA5C3000 \SystemRoot\System32\Drivers\CLBUDF.SYS
0xAA5B2000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA706000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA216000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA205000 \SystemRoot\System32\Drivers\adfs.SYS
0xAA046000 \SystemRoot\system32\DRIVERS\srv.sys
0xAC9AB000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA9DAE000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xA9A79000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9C62000 \SystemRoot\system32\drivers\cfwids.sys
0xA9793000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA99C9000 \SystemRoot\system32\drivers\mfebopk.sys
0xA9626000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA9DA6000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0xA959D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA99D9000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA5C4000 \SystemRoot\system32\drivers\splitter.sys
0xA957A000 \SystemRoot\system32\drivers\aec.sys
0xB955C000 \SystemRoot\system32\drivers\swmidi.sys
0xA9839000 \SystemRoot\system32\drivers\DMusic.sys
0xA954F000 \SystemRoot\system32\drivers\kmixer.sys
0xBA6F7000 \SystemRoot\system32\drivers\drmkaud.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
756 C:\WINDOWS\system32\smss.exe
1108 csrss.exe
1168 C:\WINDOWS\system32\winlogon.exe
1248 C:\WINDOWS\system32\services.exe
1264 C:\WINDOWS\system32\lsass.exe
1468 C:\WINDOWS\system32\ati2evxx.exe
1520 C:\WINDOWS\system32\svchost.exe
1620 svchost.exe
1760 C:\WINDOWS\system32\svchost.exe
1872 svchost.exe
2036 C:\WINDOWS\system32\ati2evxx.exe
140 svchost.exe
340 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
556 C:\WINDOWS\system32\spoolsv.exe
804 svchost.exe
856 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
928 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1092 C:\Program Files\Java\jre6\bin\jqs.exe
1188 C:\Program Files\Kontiki\KService.exe
1328 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1956 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
356 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
424 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
912 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1868 C:\WINDOWS\system32\svchost.exe
2052 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2232 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3756 unsecapp.exe
3976 alg.exe
2672 wmiprvse.exe
3724 C:\WINDOWS\explorer.exe
3972 C:\WINDOWS\system32\rundll32.exe
884 C:\WINDOWS\NOTEPAD.EXE
2408 C:\WINDOWS\system32\wuauclt.exe
1036 C:\Program Files\CyberLink\Shared Files\brs.exe
2852 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2280 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
3016 C:\Program Files\Common Files\AOL\1211986260\ee\aolsoftware.exe
2756 C:\Program Files\Saitek\Software\Profiler.exe
3148 C:\Program Files\Saitek\Software\SaiSmart.exe
812 C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
2364 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
3196 C:\WINDOWS\RTHDCPL.EXE
3212 C:\Program Files\Kontiki\KHost.exe
3216 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
3228 C:\Program Files\iTunes\iTunesHelper.exe
3900 C:\Program Files\McAfee.com\Agent\mcagent.exe
3244 C:\Program Files\QuickTime\QTTask.exe
572 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
220 C:\WINDOWS\system32\ctfmon.exe
2948 C:\Program Files\AOL 9.0\aoltray.exe
2292 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3696 C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
3516 C:\Program Files\Common Files\AOL\1211986260\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
2540 C:\Program Files\Common Files\AOL\1211986260\ee\aolsoftware.exe
820 C:\Program Files\iPod\bin\iPodService.exe
4496 C:\WINDOWS\system32\notepad.exe
5752 C:\Documents and Settings\NIGEL\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-22A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
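The OTL run above flushed the DNS resolver cache and reset the HOSTS file, two of the places a browser redirect or a blocked security-update host can live. As an added example (not code from this thread, from OTL or from OldTimer), the following Python script parses a HOSTS file in the format the Windows resolver reads and flags mappings that would send a search engine to a remote address or blackhole a vendor's update host to loopback. The watched-domain list and the sample file contents are constructed for illustration and are not taken from this machine.

```python
"""Audit a Windows HOSTS file for hijacked entries.

Added example, not part of the original thread or of OTL. Parses the
HOSTS format (IP, whitespace, one or more hostnames, optional # comment)
and reports mappings that redirect well-known search or security-vendor
domains, or that point "localhost" somewhere other than loopback.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Domains that a home PC has no legitimate reason to override in HOSTS.
# This list is an assumption chosen for the example, not from the thread.
WATCHED_SUFFIXES = (
    "google.com", "google.co.uk", "bing.com", "yahoo.com",
    "mcafee.com", "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "lavasoft.com",
)


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, ip, [hostnames]) for every active mapping.

    Comments (# to end of line) and blank lines are skipped. Fields may be
    separated by any run of spaces or tabs, which is what the Windows
    resolver accepts. Lines whose first field is not an IP are ignored,
    as the resolver ignores them too.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if len(fields) < 2:
            continue
        entries.append((n, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def _is_watched(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> List[Dict]:
    """Flag suspicious mappings.

    - a watched domain mapped to loopback: blocks updates for that vendor
    - a watched domain mapped to any other address: redirects the browser
    - "localhost" mapped to a non-loopback address
    """
    findings = []
    for n, ip, hosts in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        for h in hosts:
            if h == "localhost" and not addr.is_loopback:
                findings.append({"line": n, "host": h, "ip": ip,
                                 "reason": "localhost not loopback"})
            elif _is_watched(h):
                reason = ("blackholed to loopback" if addr.is_loopback
                          else "redirected to remote address")
                findings.append({"line": n, "host": h, "ip": ip,
                                 "reason": reason})
    return findings


# Constructed sample: the default XP HOSTS header and localhost line,
# followed by three injected lines of the kind a hijack would add.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1    update.mcafee.com download.mcafee.com   # injected: blocks updates
203.0.113.7\twww.google.com google.com              # injected: redirect
203.0.113.7  www.google.co.uk
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['host']:<24} -> {f['ip']:<14} {f['reason']}")
```

On a live Windows machine the file to feed `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`, the path OTL reports moving above; a clean XP file contains only comments and the single `127.0.0.1 localhost` mapping, so any finding from this script is worth explaining before the file is reset.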

#4
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Okay.

#5
Beagle Pup (Topic Starter, Member, 28 posts)

Hi again SweetTech

I now post the Rootkit report and look forward to hearing from you:-


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9857000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5337088 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xACC85000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5050368 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF19E000 C:\WINDOWS\System32\ati3duag.dll 4009984 bytes (ATI Technologies Inc. , ati3duag.dll)
0xAD178000 C:\WINDOWS\system32\drivers\RtHDMI.sys 3686400 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF571000 C:\WINDOWS\System32\ativvaxx.dll 2400256 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9DFE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF062000 C:\WINDOWS\System32\ati2cqag.dll 573440 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xACA03000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF0EE000 C:\WINDOWS\System32\atikvmag.dll 446464 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9EA2000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xB95E4000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xACB57000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9E53000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 327680 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB963D000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF15B000 C:\WINDOWS\System32\atiok3x2.dll 274432 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xA8E1A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9DD1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA216000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA841A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACA72000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xACABF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA5C3000 C:\WINDOWS\System32\Drivers\CLBUDF.SYS 159744 bytes (CyberLink Corporation., UDF File System Driver )
0xACB0F000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB981E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB96B0000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xA8BD5000 C:\WINDOWS\system32\drivers\aec.sys 143360 bytes (Microsoft Corporation, Microsoft Acoustic Echo Canceller)
0xA8445000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB97D8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB97FB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xACA9D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAD156000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xACB36000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F11000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA9CA6000 C:\Program Files\CyberLink\PowerDVD\000.fcl 118784 bytes (Cyberlink Corp., FCL Driver)
0xB9DB6000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E8B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB96E5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8FA8000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xAA1C8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9724000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB9843000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xACBAF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xACBE2000 C:\WINDOWS\system32\DRIVERS\MOBK.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xAA1DD000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB96D4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA5B2000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xB9738000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB9798000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA298000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA0B8000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB954C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA318000 C:\WINDOWS\system32\DRIVERS\SaiH0464.sys 57344 bytes (Saitek, Saitek Hid Driver)
0xA91FD000 C:\WINDOWS\system32\drivers\swmidi.sys 57344 bytes (Microsoft Corporation, Microsoft GS Wavetable Synthesizer)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA8F22000 C:\WINDOWS\system32\drivers\DMusic.sys 53248 bytes (Microsoft Corporation, Microsoft Kernel DLS Synthesizer)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA985A000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xBA228000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xA918D000 C:\WINDOWS\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\atl01_xp.sys 40960 bytes (Attansic Technology corporation., Attansic L1 Gigabit Ethernet Controller ndis miniport driver)
0xBA258000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB97A8000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA198000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA90FD000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xAC98B000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3D0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA438000 C:\WINDOWS\system32\drivers\SaiNtBus.sys 28672 bytes (Saitek, Saitek Magic Bus)
0xBA388000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA398000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xBA498000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA3B0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA410000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA420000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3F8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9718000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9D76000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA5EA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA568000 C:\WINDOWS\system32\DRIVERS\SaiMini.sys 16384 bytes (Saitek, Saitek Magic Mini Driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA558000 C:\WINDOWS\System32\Drivers\CLBStor.SYS 12288 bytes (Cyberlink Co.,Ltd., Cyberlink Storage Helper Driver (WindowsNT5.x))
0xACAFB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB95E0000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB971C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xACC65000 C:\WINDOWS\System32\DRIVERS\pdiddcci.sys 12288 bytes (Portrait Displays, Inc., Portrait Displays DDC/CI Monitor Device Driver)
0xB9D7E000 C:\WINDOWS\System32\Drivers\PdiPorts.sys 12288 bytes (Portrait Displays, Inc., PdiPorts Device Driver)
0xB9694000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5B0000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA5EA000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xBA5DC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5D8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA606000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xBA5B8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA757000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA692000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xBA7E2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7E6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89BB2AEA ?_empty_? 1302 bytes
0x89BB2EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x89E28D30 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F31000 WARNING: suspicious driver modification [atapi.sys::0x89BB2AEA]
0xB9718000 WARNING: Virus alike driver modification [kbdhid.sys], 16384 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=8134528172970330[1].htm7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\derFemale18to29;seg=GL_Buyers_GMB_51to100_last90da;seg=GL_AllRegisteredUsers;seg=GL_AllBid_Mar05;tcat=31802;items=233;sz=728x90;tile=1;ord=1238582603402;[1].htm7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\details;tile=4;sz=300x250%2C300x600%2C160x600%2C171x600%2C11x1;p=tr;d=L;s=20;d=A;g=fm;g=co;tt=tv;id=tt0415463;g=brc;g=dr;coo=usa;k=t;k=c;ord=2125395314878309[1]7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\ec=st;vpec=st;bt=bc;bt=bcf;bt=bh;bt=b;atf=1;atf=s;dt=b;!c=hagl;!c=hagn;pt=0;;tt=j;u=b00319p1j1k0osgkfg3,f0f12sa,g10001u;sz=728x90;tile=1;ord=8676720263536288[1]7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\le=2;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;rsi=10215;sz=160x600,120x600;refresh=;ord=3327258[1]1
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\ser,;tile=1;dcopt=ist;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;sz=728x90;refresh=;ord=624464401[1]7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\user,;tile=2;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;sz=160x600,120x600;refresh=;ord=624464401[1]7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\V;kl=M;klg=en-gb;kgg=2;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;dcdupd=1;kga=1000;kar=2;kage=17;ku=N;kt=U;kcr=gb;kmyd=ad_creative_3;tile=3;ord=9698737317151984[1]4
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\GZPX2WTL\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=7155687471815438[1]7
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_1;kap=0;tile=1;dcopt=ist;ord=7155854799983663[1]g
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\0158;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10186;rsi=10228;rsi=10200;rsi=10230;rsi=10250;rsi=10251;rsi=10253;rsi=10254;sz=728x90;refresh=;ord=878064117[1]g
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\0160;rsi=10161;rsi=10162;rsi=10163;rsi=10186;rsi=10228;rsi=10200;rsi=10230;rsi=10250;rsi=10251;rsi=10253;rsi=10254;rsi=10266;sz=728x90;refresh=;ord=761201474[1]g
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\;wi=art;wi=fan;wi=fiction;wi=ffx-2;wi=ffx2;wi=final;wi=fantasy;wi=fan;wi=fiction;jid=11021243;kw=fic;kw=challenge;!c=co;sz=728x90;pos=t;tile=1;ord=2748671669[1]g
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;time=all;kgg=2;kt=U;kcr=us;dc_dedup=1;kmyd=ad_creative_2;tile=2;ord=3199448218299773[1].htm5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\vec=st;vpec=st;bt=bc;bt=bcf;bt=bh;bt=b;atf=1;dt=b;!c=hagl;!c=hagn;pt=sl;pt=0;;tt=j;u=b0003na35zv0osgnb0e,f0f12sa,g10001u;sz=888x8;tile=3;ord=6998097328230736[1]g
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\HDU9VZ21\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=6211015027790120[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\L9QMPJS4\;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=4945611444262982[1].htm5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\L9QMPJS4\=panacea81;kr=F;khd=0;kt=K;ko=y;kpid=1469;kga=-1;u=p1z0803FNa0%7C1469;kgg=-1;kcr=gb;custp=UmC122H07lU5BWK7XZimhg;dc_dedup=1;ptile=1;dcopt=ist;ord=6640672[1].htm5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\L9QMPJS4\nder=f;ko=y;kpid=1216;kga=1000;kar=2;kage=17;kgg=2;kt=U;u=hkcgGhpmC_Y%7C1216;kcr=gb;custp=EZufuEDQi-bHovN37Ra2EA;dc_dedup=1;ptile=2;dcopt=ist;ord=8753882[1].asxg
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\OLH1Y5MR\r;wa=im;wa=ah;wi=fan;wi=art;wi=fan;wi=fiction;wi=ffx-2;wi=ffx2;wi=final;wi=fantasy;wi=fan;wi=fiction;jid=11021243;!c=co;sz=728x90;pos=t;tile=1;ord=1090228279[1]6
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\OLH1Y5MR\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=6832116853643520[1]6
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\OLH1Y5MR\xSr9U8Vw;kgender=f;ko=p;kpid=526;kga=1000;kar=2;kage=17;kgg=2;kt=U;u=68P2Ngl-hSk%7C526;kcr=gb;custp=zDIsPJjO0K5P00jG8JjlRg;dc_dedup=1;ptile=3;ord=2837765[1].asx6
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\PNVM4JEB\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_4;tile=4;ord=6480046191997374[1]g
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\1;dcopt=ist;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;rsi=10215;sz=728x90;refresh=;ord=389296708[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\;kgg=2;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;dcdupd=1;kga=1000;kar=2;kage=17;ku=N;kt=U;kcr=gb;kmyd=ad_creative_1;kap=0;tile=1;dcopt=ist;ord=8601457308423335[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=3479756993039941[1].htm5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\=2;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;rsi=10215;sz=160x600,120x600;refresh=;ord=198884404[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\=2;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;rsi=10215;sz=160x600,120x600;refresh=;ord=348932416[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\=2;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;rsi=10215;sz=160x600,120x600;refresh=;ord=354311873[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\=en,;tile=1;dcopt=ist;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;sz=728x90;refresh=;ord=359759548[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\ec=st;vpec=st;pt=0;bt=bc;bt=bcf;bt=bh;bt=b;atf=0;dt=b;!c=hagl;!c=hagn;at=m;;tt=j;u=b0025na35zv0osgnb0e,f0f02sa,g10002a;sz=300x250;tile=5;ord=6998097328230736[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\l=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_2;kap=0;tile=2;ord=8196779155725699[1]3
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\ser,;tile=1;dcopt=ist;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;sz=728x90;refresh=;ord=384142309[1]4
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\ser,;tile=1;dcopt=ist;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;sz=728x90;refresh=;ord=754247486[1]4
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\TUYJPPV5\user,;tile=1;dcopt=ist;true=1;gender=F;age=17;rsi=10102;rsi=10157;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10164;rsi=10214;sz=728x90;refresh=;ord=44833094[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\U2H3MO6V\5jHM-IFpDKZI5rqCuqBYhico5JBCFDO0nKmdREij1b6mueUf1c7MOo_71S6L41XTdoGxD9usQ-h_Q3pVIx-SsJeVSRbJ9XCAzl1rAjaCoHj07oQLArP9fDVVx-CdnirbR5XKi0vtZ0vy1YwM4g3A0Cero[1].png9
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\U2H3MO6V\st;vpec=st;pt=0;bt=bc;bt=bcf;bt=bh;bt=b;atf=0;dt=b;!c=hagl;!c=hagn;;tt=j;u=b0014l8xt0l0osgmxfj,f0f02sa,g10001u;sz=160x600,120x600;tile=4;ord=6038369962298562[1]9
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\U2H3MO6V\V;kl=M;klg=en-gb;kgg=2;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;dcdupd=1;kga=1000;kar=2;kage=17;ku=N;kt=U;kcr=gb;kmyd=ad_creative_2;tile=2;ord=5148159872257292[1]9
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\;kr=F;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;ko=p;afc=1;k1=pop;kage=17;custp=U4qlPNKbtQxH3KEiy4_aIA;kt=U;u=v6xi7VY8iDM%7C6;dc_dedup=1;ptile=3;ord=7517568[1].asx9
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\nder=f;ko=c;kpid=6;afc=1;kga=1000;kar=2;kage=17;kgg=2;kt=U;u=IYRC4H64EFk%7C6;kcr=gb;custp=1M1NWNoyhO8pqU7mC2tR-w;dc_dedup=1;ptile=1;dcopt=ist;ord=7863576[1].htm9
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\st;vpec=st;pt=0;bt=bc;bt=bcf;bt=bh;bt=b;atf=0;dt=b;!c=hagl;!c=hagn;;tt=j;u=b00149p1j1k0osgkfg3,f0f02sa,g10001u;sz=160x600,120x600;tile=4;ord=8676720263536288[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\vec=st;vpec=st;bt=bc;bt=bcf;bt=bh;bt=b;atf=1;dt=b;!c=hagl;!c=hagn;pt=sl;pt=0;;tt=j;u=b0003l8xt0l0osgmxfj,f0f12sa,g10001u;sz=888x8;tile=3;ord=6038369962298562[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\w;kgender=f;ko=y;kpid=7816;kga=1000;kar=2;kage=17;kgg=2;kt=U;u=hTV2bb3RpTY%7C7816;kcr=gb;kr=F;custp=rKdCadbo4eN_toHMa4-FSA;dc_dedup=1;ptile=3;ord=4068295[1].asx5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_2;tile=2;ord=3742595157612718[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_2;tile=2;ord=6119753541114087[1];
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\Z3TJTAXN\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_4;tile=4;ord=9014222049496850[1];
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\0158;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10186;rsi=10228;rsi=10200;rsi=10230;rsi=10250;rsi=10251;rsi=10253;rsi=10254;sz=728x90;refresh=;ord=326913907[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\0158;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10186;rsi=10228;rsi=10200;rsi=10230;rsi=10250;rsi=10251;rsi=10253;rsi=10254;sz=728x90;refresh=;ord=498110525[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\10158;rsi=10160;rsi=10161;rsi=10162;rsi=10163;rsi=10186;rsi=10228;rsi=10200;rsi=10230;rsi=10250;rsi=10251;rsi=10253;rsi=10254;sz=728x90;refresh=;ord=71096845[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\10160;rsi=10161;rsi=10162;rsi=10163;rsi=10186;rsi=10228;rsi=10200;rsi=10230;rsi=10250;rsi=10251;rsi=10253;rsi=10254;rsi=10266;sz=728x90;refresh=;ord=29731555[1]5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\8Vw;kgender=f;ko=p;kpid=526;kga=1000;kar=2;kp=1;kage=17;kgg=2;kt=U;u=ysO9WTmZLOM%7C526;kcr=gb;custp=zDIsPJjO0K5P00jG8JjlRg;dc_dedup=1;ptile=3;ord=1762996[1].asx5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\f;ko=y;kpid=7816;kga=1000;kar=2;kage=17;kgg=2;kt=U;u=aUGruyMePcU%7C7816;kcr=gb;kr=F;custp=rKdCadbo4eN_toHMa4-FSA;dc_dedup=1;ptile=1;dcopt=ist;ord=1487951[1].htm5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\f;ko=y;kpid=7816;kga=1000;kar=2;kage=17;kgg=2;kt=U;u=aUGruyMePcU%7C7816;kcr=gb;kr=F;custp=rKdCadbo4eN_toHMa4-FSA;dc_dedup=1;ptile=2;dcopt=ist;ord=1487951[1].asx5
!-->[Hidden] C:\Documents and Settings\ROSALIND\Local Settings\Temporary Internet Files\Content.IE5\ZBKT5VXN\x100;kl=N;klg=en-gb;custl=rDSnxr_ZOLbP8mxSr9U8Vw;kgender=f;kga=1000;kar=2;kage=17;kgg=2;kt=U;kcr=gb;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=8945115335152654[1]5
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\A0016282.ini
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\A0016283.ini
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\A0016284.ini
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\change.log
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\RestorePointSize
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\rp.log
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\ComDb.Dat
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\domain.txt
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\$WinMgmt.CFG
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\INDEX.BTR
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\INDEX.MAP
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\MAPPING.VER
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\MAPPING1.MAP
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\MAPPING2.MAP
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\OBJECTS.DATA
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\Repository\FS\OBJECTS.MAP
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_MACHINE_SAM
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_MACHINE_SECURITY
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_MACHINE_SOFTWARE
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_MACHINE_SYSTEM
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_.DEFAULT
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2689334666-3409229528-900351719-1005
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2689334666-3409229528-900351719-1006
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2689334666-3409229528-900351719-1007
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2689334666-3409229528-900351719-501
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2689334666-3409229528-900351719-1005
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2689334666-3409229528-900351719-1006
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2689334666-3409229528-900351719-1007
!-->[Hidden] C:\System Volume Information\_restore{24588ACE-EEBB-484D-B754-B1876B9CB6B5}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2689334666-3409229528-900351719-501
!-->[Hidden] C:\WINDOWS\Prefetch\ALCMTR.EXE-235F9538.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\AOLDIAL.EXE-13C23121.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-0AAD99E2.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\GOOGLEDESKTOPDISPLAY.EXE-1B0033B3.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\KHOST.EXE-0B46E9A4.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\MCENUI.EXE-0BE03397.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\MCINSUPD.EXE-09F3CFD8.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\MCSVRCNT.EXE-024F4049.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\MCVSMAP.EXE-280B7A39.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\REALSCHED.EXE-3282FD31.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-204CB121.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-2083E65D.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-32218C73.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-366DAD2A.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-368B65C0.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F5334BF.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F570AED.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-4000FBC4.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-41FF7C84.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\RUNDLL32.EXE-490D0FC8.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\SAISMART.EXE-2ACF1726.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\SHIPSIM2008_DEMO_V1.EXE-378ADDD3.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\SKYPENAMES.EXE-1C48F35D.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\SSPIPES.SCR-151C97BA.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\UPDATE.EXE-36E5D427.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\WINDOWS-KB890830-V2.0-DELTA.E-2AF14398.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002CA10, Type: Inline - RelativeJump 0x80503A10-->8050399E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006DF0E, Type: Inline - RelativeJump 0x80544F0E-->80544F15 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x806225DE-->B9ED50AA [mfehidk.sys]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x806227AE-->B9ED50D6 [mfehidk.sys]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x805B0A7E-->B9ED512C [mfehidk.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Inline - RelativeJump 0x806234E4-->B9ED5080 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805C9D0E-->B9ED5058 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Inline - RelativeJump 0x805C9F9A-->B9ED506C [mfehidk.sys]
ntkrnlpa.exe-->NtRenameKey, Type: Inline - RelativeJump 0x80621B68-->B9ED50C0 [mfehidk.sys]
ntkrnlpa.exe-->NtSetSecurityObject, Type: Inline - RelativeJump 0x805BE9BA-->B9ED5102 [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805D1238-->B9ED5156 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805B188C-->B9ED5142 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x80503FF4-->B9ED5116 [mfehidk.sys]
[1068]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1068]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1068]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1068]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1068]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1068]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1068]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1068]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1068]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1068]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1268]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1268]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1268]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1268]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1268]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1268]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1268]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1268]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1268]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1268]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1280]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1280]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1280]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1280]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1280]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1280]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1280]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1280]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1280]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1280]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1528]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1528]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1528]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1528]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1528]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1528]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1528]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1528]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1528]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1528]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1632]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1632]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1632]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1632]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1632]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1632]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1632]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1632]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1632]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1632]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1680]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1680]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1680]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1680]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1680]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1680]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1680]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1680]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1680]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1680]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1680]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E41BD76-->00000000 [unknown_code_page]
[1680]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1680]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1680]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1680]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1680]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1796]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1796]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1796]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1796]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1796]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1796]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1796]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1796]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1796]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1796]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[1880]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[1880]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[1880]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1880]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1880]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1880]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1880]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1880]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1880]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1880]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[2624]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13EC-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A4-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13E0-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F8-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411308-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [tbdiag.dll]
[2624]aolsoftware.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x3D931444-->00000000 [tbdiag.dll]
[3300]wuauclt.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3300]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3612]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13EC-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A4-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13E0-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F8-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411308-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x3D931444-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB1168-->00000000 [tbdiag.dll]
[3612]aolsoftware.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71AB119C-->00000000 [tbdiag.dll]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[412]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[412]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[412]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[412]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[412]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[412]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[412]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[412]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
[436]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [McProxy.dll]
[436]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [McProxy.dll]
[560]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->mswsock.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71A510BC-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13EC-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A4-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13E0-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F8-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411308-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x3D931444-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB1168-->00000000 [tbdiag.dll]
[560]AOLacsd.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71AB119C-->00000000 [tbdiag.dll]
[828]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DE4706-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE834-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD774C-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DE45EE-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEE08-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7832-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6A8F-->00000000 [unknown_code_page]
[828]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7926-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C85FE94-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0EF-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81E0D7-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EEE-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E50-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A5D-->00000000 [unknown_code_page]
[828]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [unknown_code_page]
[828]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[828]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[828]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[828]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[828]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[828]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[828]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[828]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[828]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[828]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[828]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[828]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[828]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB3B91-->00000000 [unknown_code_page]
  • 0
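The hook records above all have one fixed shape, so they can be grouped per process and the hooks OTL could not attribute to any loaded module (the `[unknown_code_page]` entries) can be separated from hooks owned by a named product DLL, which can then be checked against what is actually installed. This is an added triage script, not part of OTL or of any post in this thread; the sample records are copied from the listing above, and the regex and field names are my own.

```python
import re
from collections import defaultdict

# One OTL hook record looks like one of these (copied from the listing above):
# [412]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]
# [3612]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [tbdiag.dll]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<chain>.+?), Type: (?P<type>.+?) "
    r"(?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)


def parse_hook(line):
    """Return the fields of one hook record, or None for any other log line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    chain = m["chain"].split("-->")
    return {
        "pid": int(m["pid"]),
        "process": m["proc"],
        "module": chain[0].split("+")[0],  # module whose code or IAT was patched
        "target": chain[-1],               # hooked export, or module+offset
        "type": m["type"],                 # "Inline - RelativeJump" or "IAT modification"
        "src": int(m["src"], 16),          # patched address
        "dst": int(m["dst"], 16),          # destination address as OTL recorded it
        "owner": m["owner"],               # module OTL attributes the hook code to
    }


def triage(lines):
    """Group hooks per process; split unattributable hooks from product-owned ones."""
    report = defaultdict(lambda: {"unbacked": [], "by_owner": defaultdict(list)})
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        entry = report[f"{h['process']}[{h['pid']}]"]
        if h["owner"] == "unknown_code_page":
            entry["unbacked"].append(h["target"])
        else:
            entry["by_owner"][h["owner"]].append(h["target"])
    return report


def suspicious_processes(report):
    """Processes with hooks that no loaded module accounts for, most-hooked first."""
    hits = [(name, len(e["unbacked"])) for name, e in report.items() if e["unbacked"]]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


# Constructed sample: a few records copied from the OTL listing above,
# plus one non-hook line to show that the parser skips it.
SAMPLE = [
    "[412]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [unknown_code_page]",
    "[412]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]",
    "[828]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]",
    "[436]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [McProxy.dll]",
    "[3612]aolsoftware.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [tbdiag.dll]",
    "OTL by OldTimer - Version 3.2.17.1 Folder = C:\\Documents and Settings\\NIGEL\\Desktop",
]

if __name__ == "__main__":
    rep = triage(SAMPLE)
    for name, count in suspicious_processes(rep):
        print(f"{name}: {count} hook(s) in unattributed code -> {rep[name]['unbacked']}")
    for name, entry in rep.items():
        for owner, targets in entry["by_owner"].items():
            print(f"{name}: {owner} owns hooks on {targets}")
```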

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0
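Once the report exists, the lines that matter are the "Suspicious file (Forged)" and "- detected" entries. As an added example (not part of TDSSKiller or of the post above), this script locates log files named as the post describes, TDSSKiller.[Version]_[Date]_[Time]_log.txt, and pulls each detection together with the file path and the real/fake MD5s; the sample log text is constructed from the TDSSKiller report posted later in this thread, and the exact form of the version, date and time fields in the file name is an assumption.

```python
import os
import re

# File name pattern from the post above: TDSSKiller.[Version]_[Date]_[Time]_log.txt
# (the inner format of the three fields is assumed, so each is matched loosely).
LOGNAME_RE = re.compile(r"^TDSSKiller\.[^_]+_[^_]+_[^_]+_log\.txt$")

# Every line starts with a timestamp like "2010/11/10 16:37:40.0531 ".
TS = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
# Driver enumeration:  <service> (<md5>) <path>
ENUM_RE = re.compile(TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged-file notice:  Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>
FORGED_RE = re.compile(
    TS + r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# Verdict line:  <service> - detected <verdict> (<code>)
DETECT_RE = re.compile(TS + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


def is_tdsskiller_log(filename):
    return LOGNAME_RE.match(filename) is not None


def find_logs(root="C:\\"):
    """TDSSKiller logs in the root directory, newest first by modification time."""
    paths = [os.path.join(root, f) for f in os.listdir(root) if is_tdsskiller_log(f)]
    return sorted(paths, key=os.path.getmtime, reverse=True)


def extract_findings(text):
    """Return one dict per '- detected' line, joined with the driver's path and forged hashes."""
    drivers = {}   # service name -> (md5 as enumerated, path)
    forged = {}    # path -> (real md5, fake md5)
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FORGED_RE.match(line)
        if m:
            forged[m["path"]] = (m["real"], m["fake"])
            continue
        m = DETECT_RE.match(line)
        if m:
            md5, path = drivers.get(m["name"], (None, None))
            real, fake = forged.get(path, (None, None))
            findings.append({
                "time": m["ts"],
                "driver": m["name"],
                "verdict": m["verdict"],
                "path": path,
                "enumerated_md5": md5,
                "real_md5": real,
                "fake_md5": fake,
                "forged": real is not None and real != fake,
            })
            continue
        m = ENUM_RE.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])
    return findings


# Constructed sample, trimmed from the TDSSKiller report posted later in this thread.
SAMPLE_LOG = r"""
2010/11/10 16:36:48.0640 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/10 16:37:33.0953 Scan started
2010/11/10 16:37:40.0484 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/10 16:37:40.0531 kbdhid (3ea266302e068fad83a1af2b948e9dc2) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/10 16:37:40.0531 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 3ea266302e068fad83a1af2b948e9dc2, Fake md5: e182fa8e49e8ee41b4adc53093f3c7e6
2010/11/10 16:37:40.0531 kbdhid - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/10 16:37:40.0640 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
"""

if __name__ == "__main__":
    for f in extract_findings(SAMPLE_LOG):
        print(f"{f['driver']}: {f['verdict']} at {f['path']} "
              f"(real {f['real_md5']}, presented {f['fake_md5']})")
```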

#7
Beagle Pup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hi Sweet Tech

Thanks for this. I'll run TDSS and ComboFix and will let you know how things go.

Beagle Pup
  • 0

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay
  • 0

#9
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Topic re-opened per request.
  • 0

#11
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Were you able to run TDSSKiller successfully?

Do you have your Windows XP disc?
  • 0

#12
Beagle Pup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hi SweetTech

Many thanks for reopening this thread.

I do have the Windows XP disc and now post the results of the TDSS report:-

2010/11/10 16:36:48.0640 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/10 16:36:48.0640 ================================================================================
2010/11/10 16:36:48.0640 SystemInfo:
2010/11/10 16:36:48.0640
2010/11/10 16:36:48.0640 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/10 16:36:48.0640 Product type: Workstation
2010/11/10 16:36:48.0640 ComputerName: PCSPECIALIST
2010/11/10 16:36:48.0640 UserName: NIGEL
2010/11/10 16:36:48.0640 Windows directory: C:\WINDOWS
2010/11/10 16:36:48.0640 System windows directory: C:\WINDOWS
2010/11/10 16:36:48.0640 Processor architecture: Intel x86
2010/11/10 16:36:48.0640 Number of processors: 2
2010/11/10 16:36:48.0640 Page size: 0x1000
2010/11/10 16:36:48.0640 Boot type: Normal boot
2010/11/10 16:36:48.0640 ================================================================================
2010/11/10 16:36:49.0093 Initialize success
2010/11/10 16:37:33.0953 ================================================================================
2010/11/10 16:37:33.0953 Scan started
2010/11/10 16:37:33.0953 Mode: Manual;
2010/11/10 16:37:33.0953 ================================================================================
2010/11/10 16:37:35.0093 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/10 16:37:35.0156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/10 16:37:35.0234 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/11/10 16:37:35.0312 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/11/10 16:37:35.0390 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/11/10 16:37:35.0562 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/10 16:37:35.0687 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2010/11/10 16:37:35.0734 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/10 16:37:35.0796 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/10 16:37:35.0828 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
2010/11/10 16:37:36.0421 ati2mtag (b1ae41cfe277e043837aa2b875adb757) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/10 16:37:36.0515 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/11/10 16:37:36.0546 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/10 16:37:36.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/10 16:37:36.0625 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/11/10 16:37:36.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/10 16:37:36.0703 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/10 16:37:36.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/10 16:37:36.0781 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/10 16:37:36.0828 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/10 16:37:37.0015 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys
2010/11/10 16:37:37.0265 CLBStor (3b15740f137b2b243fdae2e7b9c391f7) C:\WINDOWS\system32\drivers\CLBStor.sys
2010/11/10 16:37:37.0625 CLBUDF (f5c65ca7c0d348820caf9b499d783243) C:\WINDOWS\system32\drivers\CLBUDF.sys
2010/11/10 16:37:38.0250 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/10 16:37:38.0343 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/10 16:37:38.0421 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/10 16:37:38.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/10 16:37:38.0531 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/10 16:37:38.0609 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/10 16:37:38.0687 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/10 16:37:38.0734 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/10 16:37:38.0765 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/10 16:37:38.0796 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/10 16:37:38.0843 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/10 16:37:38.0890 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/10 16:37:38.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/10 16:37:38.0953 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/10 16:37:39.0031 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/10 16:37:39.0062 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
2010/11/10 16:37:39.0078 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/10 16:37:39.0109 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/10 16:37:39.0250 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/10 16:37:39.0312 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/10 16:37:39.0375 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/10 16:37:39.0781 IntcAzAudAddService (b00bb702f990797cc9e1062adcfb654d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/10 16:37:40.0140 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/10 16:37:40.0203 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/10 16:37:40.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/10 16:37:40.0250 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/10 16:37:40.0328 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/10 16:37:40.0343 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/10 16:37:40.0390 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/10 16:37:40.0421 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/10 16:37:40.0484 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/10 16:37:40.0531 kbdhid (3ea266302e068fad83a1af2b948e9dc2) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/10 16:37:40.0531 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 3ea266302e068fad83a1af2b948e9dc2, Fake md5: e182fa8e49e8ee41b4adc53093f3c7e6
2010/11/10 16:37:40.0531 kbdhid - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/10 16:37:40.0640 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/10 16:37:40.0718 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/10 16:37:40.0937 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/10 16:37:41.0062 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/11/10 16:37:41.0187 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/11/10 16:37:41.0296 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/11/10 16:37:41.0359 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/11/10 16:37:41.0468 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/11/10 16:37:41.0609 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/11/10 16:37:41.0687 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/10 16:37:41.0687 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/10 16:37:41.0750 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/11/10 16:37:41.0843 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/11/10 16:37:41.0906 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/11/10 16:37:42.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/10 16:37:42.0062 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2010/11/10 16:37:42.0390 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/10 16:37:42.0750 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/10 16:37:43.0078 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/10 16:37:43.0359 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/10 16:37:43.0421 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys
2010/11/10 16:37:43.0609 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/10 16:37:43.0796 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/10 16:37:43.0921 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/10 16:37:43.0968 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/10 16:37:44.0000 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/10 16:37:44.0031 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/10 16:37:44.0062 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/10 16:37:44.0437 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/10 16:37:44.0812 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/10 16:37:45.0359 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/10 16:37:45.0734 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/10 16:37:46.0171 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/10 16:37:46.0515 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/10 16:37:46.0843 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/10 16:37:47.0265 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/10 16:37:47.0687 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/10 16:37:48.0078 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/10 16:37:48.0453 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/10 16:37:48.0921 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/10 16:37:49.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/10 16:37:50.0281 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/10 16:38:00.0906 ================================================================================
2010/11/10 16:38:00.0906 Scan finished
2010/11/10 16:38:00.0906 ================================================================================
2010/11/10 16:38:00.0921 Detected object count: 1
2010/11/10 16:38:28.0093 kbdhid (3ea266302e068fad83a1af2b948e9dc2) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/10 16:38:28.0093 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 3ea266302e068fad83a1af2b948e9dc2, Fake md5: e182fa8e49e8ee41b4adc53093f3c7e6
2010/11/10 16:38:33.0250 Backup copy found, using it..
2010/11/10 16:38:33.0265 C:\WINDOWS\system32\DRIVERS\kbdhid.sys - will be cured after reboot
2010/11/10 16:38:33.0265 Rootkit.Win32.TDSS.tdl3(kbdhid) - User select action: Cure
2010/11/10 16:38:47.0656 Deinitialize success

I look forward to hearing from you.
  • 0
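For anyone reading a TDSSKiller log like the one above, the part that matters is the scan-result tail: the "Suspicious file (Forged)" line with its two differing MD5s, the verdict line with the chosen action, and whether a reboot is still pending. The parser below is an added example (not from this thread or from TDSSKiller) that pulls those findings out; the sample lines are constructed in the same format, with the path and hashes taken from the post above.

```python
import re

# Constructed sample: the scan-result tail of a TDSSKiller log, in the format
# seen in the post above (path and MD5 values copied from that post).
SAMPLE_LOG = r"""
2010/11/10 16:38:00.0906 Scan finished
2010/11/10 16:38:00.0921 Detected object count: 1
2010/11/10 16:38:28.0093 kbdhid (3ea266302e068fad83a1af2b948e9dc2) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/10 16:38:28.0093 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 3ea266302e068fad83a1af2b948e9dc2, Fake md5: e182fa8e49e8ee41b4adc53093f3c7e6
2010/11/10 16:38:33.0265 C:\WINDOWS\system32\DRIVERS\kbdhid.sys - will be cured after reboot
2010/11/10 16:38:33.0265 Rootkit.Win32.TDSS.tdl3(kbdhid) - User select action: Cure
2010/11/10 16:38:47.0656 Deinitialize success
"""

TS = r"^\S+ \S+ "  # "YYYY/MM/DD HH:MM:SS.mmmm " timestamp prefix on every line
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
REBOOT_RE = re.compile(TS + r"(?P<path>.+?) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"(?P<verdict>[^\s(]+)\((?P<svc>\w+)\) - User select action: (?P<action>\w+)$")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_tdsskiller_log(text):
    """Return (detected_count, findings); each finding describes one flagged file."""
    count, findings = None, {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := COUNT_RE.match(line):
            count = int(m.group("n"))
        elif m := FORGED_RE.match(line):
            # "Forged": the scanner got two different MD5s for the same driver file,
            # i.e. what one read path returns is not what the other one returns.
            findings[m.group("path")] = {
                "path": m.group("path"), "real_md5": m.group("real"), "fake_md5": m.group("fake"),
                "verdict": None, "action": None, "reboot_required": False,
            }
        elif m := REBOOT_RE.match(line):
            findings.setdefault(m.group("path"), {"path": m.group("path")})["reboot_required"] = True
        elif m := ACTION_RE.match(line):
            # The action line names the service (kbdhid), not the path; tie it to the file.
            for f in findings.values():
                if _basename(f["path"]).startswith(m.group("svc").lower()):
                    f["verdict"], f["action"] = m.group("verdict"), m.group("action")
    return count, list(findings.values())


def needs_followup(count, findings):
    """True if a flagged file was skipped/unhandled or the handled count differs from the total."""
    handled = sum(1 for f in findings if f.get("action") not in (None, "Skip"))
    return count is None or handled != count
```

A log where needs_followup() is True (an object skipped, or fewer actions than detections) is the one to post back for review rather than assume the cure completed.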

#13
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello again,

TDSSKiller found an infection, and has fixed it.

Please go ahead and delete your current copy of ComboFix, and download a new copy. If it prompts you to install the RC (Recovery Console), please try and proceed through it, and see if ComboFix will run.
  • 0

#14
Beagle Pup

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi SweetTech

Many thanks for this. I'll download and run ComboFix again as you suggest and will report back.
  • 0

#15
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Ok.
  • 0