Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

malware removal software and iexplorer won't load

Post by hello1 » October 14th, 2010, 2:35 am

I was able to run hijackthis by renaming it and start a scan, here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:18 AM, on 10/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\notepad.exe
C:\Program Files\winlogon\Trend Micro\HiJackThis\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918223035.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O15 - Trusted Zone: http://www.convergysworkathome.com
O15 - Trusted Zone: http://www.kidzui.com
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13827 bytes

I hope you can find the cause of my problem in this log.
hello1

Re: malware removal software and iexplorer won't load

Post by peku006 » October 16th, 2010, 8:16 am

Hi hello1

Download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

Please reply with

logs from RSIT (log.txt, info.txt)

Thanks peku006

Re: logs from RSIT (log.txt ,info.txt)

Post by hello1 » October 16th, 2010, 10:37 pm

I downloaded and ran RSIT, here are the files:

info.txt logfile of random's system information tool 1.08 2010-10-16 21:01:37

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adventures in Typing with Timon and Pumbaa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}\setup.exe" -l0x9 Adventures in Typing with Timon and Pumbaa
Alive HD Video Converter (version 2.0.2.8)-->"C:\Program Files\AliveMedia\HD Video Converter\unins000.exe"
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
ALTools Update-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Anvil Studio-->C:\Windows\system32\AsUninst.exe
AOL Toolbar 4.0-->"C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe"
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
Brother MFL-Pro Suite MFC-255CW-->"C:\Program Files\InstallShield Installation Information\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9e_C1 -removeonly
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
Caterpillar (remove only)-->"C:\Program Files\eGames\Caterpillar\Uninst.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Click to DVD 2.0.05 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Clifford Phonics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire-->MsiExec.exe /I{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}
Crackle Screen Saver 1.0-->"C:\Program Files\Crackle\Crackle Screen Saver\unins000.exe"
Diner Dash Two-->C:\Program Files\Diner Dash Two\Uninstal.exe
Disney Pixar 1st Grade Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2EE7CBE-54E9-426C-84A5-E08BFBE4BD76}\setup.exe" -l0x9 Disney Pixar 1st Grade Print
Disney Pixar 1st Grade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2390090F-3453-41A8-8416-373C26AB2750}\setup.exe" -l0x9 Disney Pixar 1st Grade
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free Natural Text to Speech Reader 2008-->MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
Free Video Cutter 1.1-->"C:\Program Files\Free Video Cutter\unins000.exe"
Freelancer-->"C:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar.dll"
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
ImTOO MOV Converter-->C:\Program Files\ImTOO\MOV Converter\Uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IsoBuster 2.6-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JSWPFCom-->MsiExec.exe /X{9A2F0A59-B202-4D2A-9343-A7E5ACE852B7}
JSWPFGrade2-->MsiExec.exe /I{30363C5E-1A3E-43B2-947F-7589DC1DA185}
JumpStart 3D Ages 6-8-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSWorld2GUn.exe
JumpStart Field Trip Adventure-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSFTAdvUn.exe
Lippincott's Review Series: Mental Health and Psychiatric Nursing-->C:\PROGRA~1\LIPPIN~1\MHP\UNWISE32.EXE C:\PROGRA~1\LIPPIN~1\MHP\INSTALL.LOG
LocationFree Player-->MsiExec.exe /I{D937DD80-3928-4617-876F-538A25AECB17}
Luxor 2 (remove only)-->"C:\Program Files\MumboJumbo\Luxor 2\uninstall.exe"
McAfee Total Protection-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
McAfee Virtual Technician-->MsiExec.exe /I{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Mystery Club Detective Academy-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\DetAcademyUn.exe
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
NCLEX-RN Strategy Practice Exam-->"C:\Program Files\Kap.NCLEX\unins000.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenMG Limited Patch 4.7-07-15-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickBooks Simple Start Free Starter Edition-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Free Starter Edition" ADDREMOVE=1 OEMVENDOR=SONY
QuickCam-->MsiExec.exe /I{43A9F944-0398-425E-9E22-201F65FE0CCA}
QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roller Rush-->C:\PROGRA~1\GAMEHO~1\ROLLER~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\ROLLER~1\INSTALL.LOG
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
ScanSoft PaperPort 11-->MsiExec.exe /I{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}
Scholastic's I SPY Junior-->C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -l0x9 -removeonly
Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\INSTALL.LOG
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0009 -removeonly
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Tomb Raider-->"C:\Program Files\Core Design\Tomb Raider\unins000.exe"
Ultra Video Splitter 5.4.0610-->"C:\Program Files\Ultra Video Splitter\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
VAIO Azure Float Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0312BD0D-A1FE-4E1A-9208-D436F566D867}\setup.exe" -l0x9 -removeonly
VAIO Center Access Bar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C299F969-AE3D-4679-ADF5-682A186CE62E}\setup.exe" -l0x9 -removeonly
VAIO Content Folder Setting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -l0x9 -removeonly
VAIO Content Importer / VAIO Content Exporter-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E74F7423-77CB-4F6A-A44D-604E1010FE50}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9 -removeonly
VAIO Floral Dusk Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B59B3DA8-06F8-4B4C-AE94-5180753EF108}\setup.exe" -l0x9 -removeonly
VAIO Help And Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D716354-2C08-48DC-9AC5-957348048817}\setup.exe" -l0x9 -removeonly
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -l0x9 -removeonly
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Integrated Server 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO MusicBox Sample Music-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -l0x9 -removeonly
VAIO MusicBox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -l0x9 -removeonly
VAIO OOBE and Welcome Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B500D37-E7CF-480B-8054-8A563594EC4E}\setup.exe" -l0x9 -removeonly
VAIO Original Function Setting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -l0x9 -removeonly
VAIO PC Wireless LAN Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCED773C-99EE-48DD-8915-25733F69F0A8}\setup.exe" -l0x9 -removeonly
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -l0x9 -removeonly
VAIO Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BABC878D-BB64-4688-9A88-1D9E88F339A9}\setup.exe" -l0x9 -removeonly
VAIO Security Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}\setup.exe" -l0x9 -removeonly
VAIO Service Utility-->C:\Program Files\Sony\VAIO Service Utility\uninstall.exe
VAIO Smart Network-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B659FAD-E772-44A3-B7E7-560FF084669F}\setup.exe" -l0x9 -removeonly
VAIO Survey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34B37A74-125E-4406-87BA-E4BD3D097AE5}\setup.exe" -l0x9 -removeonly
VAIO Teal Whisper Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235915A8-1C0D-4920-95EA-FE8B773E5F57}\setup.exe" -l0x9 -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VideoGet-->"C:\Program Files\Nuclear Coffee\VideoGet\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xilisoft Video Cutter-->C:\Program Files\Xilisoft\Video Cutter\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB980182(Update) into Install Requested(Install Requested) state
Record Number: 222224
Source Name: Microsoft-Windows-Servicing
Time Written: 20100331080238.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB980182(Update) into Install Requested(Install Requested) state
Record Number: 222222
Source Name: Microsoft-Windows-Servicing
Time Written: 20100331080238.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB980182(Update) into Install Requested(Install Requested) state
Record Number: 222220
Source Name: Microsoft-Windows-Servicing
Time Written: 20100331080238.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Record Number: 222132
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100331075937.000000-000
Event Type: Error
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 8003
Message: The master browser has received a server announcement from the computer REDHORZE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E2BE8A7A-3EA8-48F8-98EF-4C835DD65. The master browser is stopping or an election is being forced.
Record Number: 222126
Source Name: bowser
Time Written: 20100331051842.031030-000
Event Type: Error
User:

=====Application event log=====

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 1002
Message: STI BrtSTI: [2010/07/28 23:41:49.820]: [00002760]: SendSKeySettingToDevice:: Check Langcode Failed [-1]

Record Number: 826479
Source Name: Brother BrLog
Time Written: 20100729044149.000000-000
Event Type: Warning
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 1002
Message: STI BrtSTI: [2010/07/28 23:41:49.820]: [00002760]: QueryLanguageCode:: Check Version Failed[-1]

Record Number: 826478
Source Name: Brother BrLog
Time Written: 20100729044149.000000-000
Event Type: Warning
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 1001
Message: STI BrtSTI: [2010/07/28 23:40:45.704]: [00002760]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.84]

Record Number: 826477
Source Name: Brother BrLog
Time Written: 20100729044045.000000-000
Event Type: Error
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 1002
Message: STI BrtSTI: [2010/07/28 23:40:40.665]: [00002760]: SendSKeySettingToDevice:: Check Langcode Failed [-1]

Record Number: 826476
Source Name: Brother BrLog
Time Written: 20100729044040.000000-000
Event Type: Warning
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 1002
Message: STI BrtSTI: [2010/07/28 23:40:40.649]: [00002760]: QueryLanguageCode:: Check Version Failed[-1]

Record Number: 826475
Source Name: Brother BrLog
Time Written: 20100729044040.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2c50816
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: CHRISGUAPO69-PC
Source Network Address: 192.168.1.3
Source Port: 58494

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 76012
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091225073940.089407-000
Event Type: Audit Success
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2c507fe
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: CHRISGUAPO69-PC
Source Network Address: 192.168.1.3
Source Port: 58493

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 76011
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091225073939.995807-000
Event Type: Audit Success
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2b974c9

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 76010
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091225072749.080207-000
Event Type: Audit Success
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2b974bb

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 76009
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091225072749.080207-000
Event Type: Audit Success
User:

Computer Name: LH-BX1YOLJ1CC1W
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2b974c9
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: CHRISGUAPO69-PC
Source Network Address: 192.168.1.3
Source Port: 58400

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 76008
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091225072738.540607-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\ESTsoft\ALZip;C:\Program Files\Smart Projects\IsoBuster;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Logfile of random's system information tool 1.08 (written by random/random)
Run by sorgalim at 2010-10-16 21:01:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 51 GB (35%) free of 145 GB
Total RAM: 1014 MB (27% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{5AEE247A-956D-47E6-9D9E-512F81518B73}.job
C:\Windows\tasks\User_Feed_Synchronization-{71175874-2CFD-4E43-8EED-DFC87258B26B}.job
C:\Windows\tasks\User_Feed_Synchronization-{8DD838EA-B9DD-4B13-9C4E-EBA90BA1A25C}.job
C:\Windows\tasks\User_Feed_Synchronization-{EB2E239E-B845-49C6-9F1A-E479D6E8659C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-26 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll [2007-01-08 976432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918223035.dll [2010-08-24 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar.dll [2008-05-22 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-08-04 228256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll [2007-01-08 976432]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar.dll [2008-05-22 745472]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-08-04 228256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-25 4489216]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-29 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-29 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-29 133656]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-08 118784]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-11 317560]
"DXM6Patch_981116"=C:\Windows\p_981116.exe [1998-11-30 497376]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"Skytel"=C:\Windows\Skytel.exe [2007-06-25 1826816]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-01-19 1150976]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2009-01-09 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-06-10 785520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Windows\system32\qttask.exe [2009-09-28 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-09-09 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-08-26 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
c:\program files\sony\VAIO Center Access Bar\VCAB.exe [2007-06-21 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe [2007-07-20 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe [2007-07-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2005-10-09 610365]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-03-01 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
C:\PROGRA~1\REALIT~1\REALIT~1\Program\RFTRay.exe [2000-07-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^sorgalim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^sorgalim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
 + []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-06-29 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-24 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x95000000
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-16 21:01:28 ----D---- C:\rsit
2010-10-16 21:01:28 ----D---- C:\Program Files\trend micro
2010-10-14 01:16:31 ----D---- C:\Program Files\winlogon
2010-10-08 20:19:06 ----A---- C:\Windows\system32\win32k.sys
2010-10-08 20:18:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-10-08 20:18:59 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-10-08 20:10:18 ----A---- C:\Windows\system32\rtutils.dll
2010-10-08 20:09:04 ----A---- C:\Windows\system32\tzres.dll
2010-10-08 20:05:08 ----A---- C:\Windows\system32\iccvid.dll
2010-10-08 20:05:00 ----A---- C:\Windows\system32\schannel.dll
2010-10-08 20:04:43 ----A---- C:\Windows\system32\gameux.dll
2010-10-08 20:04:38 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-08 20:04:34 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-08 16:59:24 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-08 16:59:24 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-08 01:48:58 ----D---- C:\Windows\temp
2010-10-08 01:48:56 ----A---- C:\ComboFix.txt
2010-10-08 01:47:50 ----SHD---- C:\$RECYCLE.BIN
2010-10-08 01:33:44 ----D---- C:\Combo-Fix25C
2010-10-08 01:33:12 ----A---- C:\Windows\SWXCACLS.exe
2010-10-07 03:40:37 ----D---- C:\Program Files\Windows Portable Devices
2010-10-07 03:22:37 ----A---- C:\Windows\system32\UIAnimation.dll
2010-10-07 03:22:36 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-10-07 03:22:36 ----A---- C:\Windows\system32\UIRibbon.dll
2010-10-07 03:21:57 ----A---- C:\Windows\system32\WMPhoto.dll
2010-10-07 03:21:57 ----A---- C:\Windows\system32\cdd.dll
2010-10-07 03:21:56 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-10-07 03:21:56 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-10-07 03:21:56 ----A---- C:\Windows\system32\d3d10warp.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\xpsservices.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\XpsPrint.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-10-07 03:21:55 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\OpcServices.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\FntCache.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\dxdiagn.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\dxdiag.exe
2010-10-07 03:21:55 ----A---- C:\Windows\system32\DWrite.dll
2010-10-07 03:21:55 ----A---- C:\Windows\system32\d2d1.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\dxgi.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\d3d11.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\d3d10level9.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\d3d10core.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\d3d10_1.dll
2010-10-07 03:21:54 ----A---- C:\Windows\system32\d3d10.dll
2010-10-07 03:21:17 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-10-07 03:21:17 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-10-07 03:21:17 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-10-07 03:21:15 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\WPDSp.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\wpdshext.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\wpd_ci.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-10-07 03:21:12 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-10-07 03:20:11 ----A---- C:\Windows\system32\oleaccrc.dll
2010-10-07 03:20:10 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-10-07 03:20:10 ----A---- C:\Windows\system32\oleacc.dll
2010-10-06 20:36:35 ----D---- C:\Combo-Fix21395C
2010-10-06 20:15:02 ----A---- C:\Windows\system32\msxml3.dll
2010-10-06 20:14:47 ----A---- C:\Windows\system32\usp10.dll
2010-10-06 20:04:18 ----A---- C:\TDSSKiller.2.4.4.0_06.10.2010_20.04.17_log.txt
2010-10-06 17:18:02 ----D---- C:\Combo-Fix30066C
2010-10-06 16:27:02 ----A---- C:\Windows\system32\spoolsv.exe
2010-10-06 16:26:10 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-10-06 16:24:08 ----A---- C:\RootRepeal report 10-06-10 (16-24-08).txt
2010-10-06 16:21:54 ----A---- C:\TDSSKiller.2.4.4.0_06.10.2010_16.21.53_log.txt
2010-10-06 15:45:34 ----D---- C:\Users\sorgalim\AppData\Roaming\McAfee
2010-10-06 04:37:25 ----A---- C:\Windows\system32\secproc_isv.dll
2010-10-06 04:37:25 ----A---- C:\Windows\system32\secproc.dll
2010-10-06 04:37:20 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-10-06 04:37:20 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-10-06 04:37:20 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-10-06 04:37:19 ----A---- C:\Windows\system32\RMActivate.exe
2010-10-06 04:37:16 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-10-06 04:37:16 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-10-06 04:37:14 ----A---- C:\Windows\system32\msdrm.dll
2010-10-06 04:32:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-10-06 04:31:49 ----A---- C:\Windows\system32\inetcomm.dll
2010-10-06 03:53:40 ----A---- C:\Windows\system32\wmp.dll
2010-10-06 03:53:34 ----A---- C:\Windows\system32\unregmp2.exe
2010-10-06 03:53:18 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-05 22:37:40 ----A---- C:\Windows\zip.exe
2010-10-05 22:37:40 ----A---- C:\Windows\SWSC.exe
2010-10-05 22:37:40 ----A---- C:\Windows\SWREG.exe
2010-10-05 22:37:40 ----A---- C:\Windows\sed.exe
2010-10-05 22:37:40 ----A---- C:\Windows\PEV.exe
2010-10-05 22:37:40 ----A---- C:\Windows\NIRCMD.exe
2010-10-05 22:37:40 ----A---- C:\Windows\MBR.exe
2010-10-05 22:37:40 ----A---- C:\Windows\grep.exe
2010-10-05 22:36:57 ----D---- C:\Windows\ERDNT
2010-10-05 22:36:55 ----D---- C:\Combo-Fix
2010-10-05 21:50:59 ----D---- C:\Users\sorgalim\AppData\Roaming\ImgBurn
2010-10-05 21:31:20 ----D---- C:\Program Files\ImgBurn
2010-10-05 20:04:17 ----A---- C:\TDSSKiller.2.4.4.0_05.10.2010_20.04.17_log.txt
2010-10-05 17:43:11 ----D---- C:\TDSSKiller_Quarantine
2010-10-05 17:42:10 ----A---- C:\TDSSKiller.2.4.4.0_05.10.2010_17.42.10_log.txt
2010-10-05 16:51:59 ----A---- C:\TDSSKiller.2.4.4.0_05.10.2010_16.51.59_log.txt
2010-10-04 23:20:43 ----D---- C:\Qoobox
2010-10-04 03:30:05 ----A---- C:\RootRepeal report 10-04-10 (03-30-05).txt
2010-10-04 02:48:54 ----A---- C:\RootRepeal report 10-04-10 (02-48-54).txt
2010-10-01 02:55:49 ----A---- C:\RootRepeal report 10-01-10 (02-55-49).txt
2010-09-27 01:23:14 ----D---- C:\Program Files\HJT
2010-09-26 23:48:12 ----D---- C:\Program Files\Mal
2010-09-26 17:20:29 ----D---- C:\Program Files\MAW
2010-09-26 16:21:25 ----D---- C:\Program Files\Enigma Software Group
2010-09-26 16:20:59 ----D---- C:\Windows\CED3DF1E01D145ADBF3364AE5E8843B8.TMP
2010-09-26 16:20:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-09-26 15:59:28 ----D---- C:\ProgramData\PC Tools
2010-09-26 15:54:59 ----D---- C:\!KillBox
2010-09-24 22:52:56 ----D---- C:\ProgramData\Update
2010-09-22 22:10:55 ----A---- C:\Windows\system32\drivers\sdjpfned.sys
2010-09-21 01:48:33 ----D---- C:\Windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
2010-09-19 00:32:05 ----D---- C:\Users\sorgalim\AppData\Roaming\DriverCure
2010-09-19 00:31:44 ----D---- C:\Users\sorgalim\AppData\Roaming\ParetoLogic
2010-09-19 00:31:05 ----D---- C:\ProgramData\ParetoLogic

======List of files/folders modified in the last 1 months======

2010-10-16 21:01:28 ----RD---- C:\Program Files
2010-10-16 21:01:06 ----D---- C:\Windows\Prefetch
2010-10-16 20:56:49 ----D---- C:\Windows
2010-10-14 01:16:31 ----SHD---- C:\Windows\Installer
2010-10-10 23:30:03 ----D---- C:\Windows\System32
2010-10-10 23:30:03 ----D---- C:\Windows\inf
2010-10-10 23:30:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-10 12:58:20 ----D---- C:\Windows\system32\drivers
2010-10-10 12:20:59 ----D---- C:\Windows\rescache
2010-10-10 12:12:57 ----D---- C:\Windows\Microsoft.NET
2010-10-10 12:12:45 ----RSD---- C:\Windows\assembly
2010-10-10 12:01:10 ----D---- C:\Windows\system32\en-US
2010-10-10 12:01:09 ----D---- C:\Windows\AppPatch
2010-10-09 02:38:50 ----D---- C:\Windows\system32\catroot2
2010-10-09 02:38:15 ----D---- C:\Windows\winsxs
2010-10-09 02:37:12 ----D---- C:\ProgramData\Microsoft Help
2010-10-08 19:56:17 ----RSD---- C:\Windows\Fonts
2010-10-08 16:59:14 ----D---- C:\Windows\system32\catroot
2010-10-08 01:38:35 ----A---- C:\Windows\system.ini
2010-10-07 03:46:20 ----D---- C:\Windows\system32\Tasks
2010-10-07 03:43:08 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-07 03:40:37 ----D---- C:\Windows\system32\drivers\en-US
2010-10-07 03:40:36 ----D---- C:\Windows\system32\wbem
2010-10-07 03:40:35 ----D---- C:\Windows\system32\zh-TW
2010-10-07 03:40:35 ----D---- C:\Windows\system32\zh-HK
2010-10-07 03:40:35 ----D---- C:\Windows\system32\uk-UA
2010-10-07 03:40:35 ----D---- C:\Windows\system32\tr-TR
2010-10-07 03:40:35 ----D---- C:\Windows\system32\th-TH
2010-10-07 03:40:35 ----D---- C:\Windows\system32\sv-SE
2010-10-07 03:40:35 ----D---- C:\Windows\system32\sr-Latn-CS
2010-10-07 03:40:35 ----D---- C:\Windows\system32\sl-SI
2010-10-07 03:40:35 ----D---- C:\Windows\system32\pt-PT
2010-10-07 03:40:35 ----D---- C:\Windows\system32\pt-BR
2010-10-07 03:40:35 ----D---- C:\Windows\system32\pl-PL
2010-10-07 03:40:35 ----D---- C:\Windows\system32\nl-NL
2010-10-07 03:40:35 ----D---- C:\Windows\system32\lv-LV
2010-10-07 03:40:35 ----D---- C:\Windows\system32\lt-LT
2010-10-07 03:40:35 ----D---- C:\Windows\system32\ko-KR
2010-10-07 03:40:35 ----D---- C:\Windows\system32\it-IT
2010-10-07 03:40:35 ----D---- C:\Windows\system32\hu-HU
2010-10-07 03:40:35 ----D---- C:\Windows\system32\hr-HR
2010-10-07 03:40:35 ----D---- C:\Windows\system32\he-IL
2010-10-07 03:40:35 ----D---- C:\Windows\system32\fr-FR
2010-10-07 03:40:35 ----D---- C:\Windows\system32\fi-FI
2010-10-07 03:40:35 ----D---- C:\Windows\system32\es-ES
2010-10-07 03:40:35 ----D---- C:\Windows\system32\el-GR
2010-10-07 03:40:35 ----D---- C:\Windows\system32\bg-BG
2010-10-07 03:40:34 ----D---- C:\Windows\system32\zh-CN
2010-10-07 03:40:34 ----D---- C:\Windows\system32\sk-SK
2010-10-07 03:40:34 ----D---- C:\Windows\system32\ru-RU
2010-10-07 03:40:34 ----D---- C:\Windows\system32\ro-RO
2010-10-07 03:40:34 ----D---- C:\Windows\system32\nb-NO
2010-10-07 03:40:34 ----D---- C:\Windows\system32\ja-JP
2010-10-07 03:40:34 ----D---- C:\Windows\system32\et-EE
2010-10-07 03:40:34 ----D---- C:\Windows\system32\de-DE
2010-10-07 03:40:34 ----D---- C:\Windows\system32\da-DK
2010-10-07 03:40:34 ----D---- C:\Windows\system32\cs-CZ
2010-10-07 03:40:34 ----D---- C:\Windows\system32\ar-SA
2010-10-07 03:40:33 ----D---- C:\Windows\ehome
2010-10-07 03:40:33 ----D---- C:\Program Files\Movie Maker
2010-10-07 03:40:32 ----D---- C:\Program Files\Windows Mail
2010-10-07 03:40:31 ----D---- C:\Program Files\Windows Media Player
2010-10-07 03:19:50 ----D---- C:\Program Files\Microsoft Works
2010-10-07 02:04:04 ----SHD---- C:\System Volume Information
2010-10-06 22:53:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-06 16:39:49 ----D---- C:\Program Files\Common Files
2010-10-06 16:38:09 ----AD---- C:\ProgramData\TEMP
2010-10-06 15:43:09 ----D---- C:\ProgramData\McAfee
2010-10-06 15:43:09 ----D---- C:\Program Files\McAfee
2010-10-06 15:31:02 ----D---- C:\Windows\Tasks
2010-10-06 15:11:38 ----A---- C:\Windows\ntbtlog.txt
2010-10-05 22:52:10 ----D---- C:\Windows\system32\drivers\etc
2010-10-05 22:47:54 ----D---- C:\ProgramData
2010-10-04 23:00:41 ----D---- C:\ProgramData\Lavasoft
2010-10-04 23:00:40 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-04 19:20:35 ----D---- C:\Users\sorgalim\AppData\Roaming\Corel
2010-10-01 01:39:43 ----D---- C:\Windows\Minidump
2010-09-26 22:29:46 ----D---- C:\My Recordings
2010-09-26 09:39:30 ----D---- C:\Windows\system32\MpEngineStore
2010-09-25 00:11:04 ----D---- C:\Program Files\Mozilla Firefox
2010-09-22 22:13:25 ----D---- C:\Windows\system32\config
2010-09-21 04:46:01 ----D---- C:\Program Files\LeapFrog
2010-09-21 04:45:52 ----D---- C:\Windows\CC33E708A7954AB3908A8F45919BC097.TMP
2010-09-19 07:24:27 ----D---- C:\Boot
2010-09-17 00:14:04 ----D---- C:\logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-08-24 386712]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-06-14 43528]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2007-06-14 9336]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2007-06-14 9464]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-27 10216]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-01 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-01 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-08 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-13 705024]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-08-24 55840]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-01 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 1671680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-25 1787816]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-08-24 152992]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-06 27520]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-01 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-24 246784]
S0 fwrjxbg;fwrjxbg; C:\Windows\System32\drivers\pykhfd.sys []
S3 btaudio;Bluetooth Audio Device; C:\Windows\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\Windows\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-09-28 49904]
S3 catchme;catchme; \??\C:\Users\sorgalim\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-08-24 95600]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-08-24 52104]
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-11-04 40552]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\Windows\system32\DRIVERS\CamDrL21.sys [2001-03-16 321613]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-24 128104]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-08-29 266295]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]
R2 QBCFMonitorService;QuickBooks Database Manager Service; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2007-03-01 20480]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-24 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-06-28 188416]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-06-28 184320]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-01 386560]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 FastUserSwitchingCompatibility;Network Security; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-08-24 171168]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]

-----------------EOF-----------------
hello1
Active Member
 
Posts: 10
Joined: October 11th, 2010, 12:02 am

Re: malware removal software and iexplorer wont load

by peku006 » October 17th, 2010, 2:41 am

Hi hello1

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here. Also post fresh DDS logs.

Note: you may get this warning. It is OK, just ignore it.

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?


Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware removal software and iexplorer wont load

by hello1 » October 18th, 2010, 11:40 pm

I was able to run the rootkit, it took a while to finish and saved a report.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8AC09000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82C15000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82C15000 PnpManager 3903488 bytes
0x82C15000 RAW 3903488 bytes
0x82C15000 WMIxWDM 3903488 bytes
0x962D0000 Win32k 2109440 bytes
0x962D0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BC06000 C:\Windows\system32\drivers\RTKVHDA.sys 1781760 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x86C68000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x832EA000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8BE07000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8C004000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xACE05000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B804000 C:\Windows\system32\DRIVERS\btkrnl.sys 839680 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0x8B404000 C:\Windows\system32\drivers\ti21sony.sys 835584 bytes (Texas Instruments, ti21sony.sys)
0x8BF0A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8B2CF000 C:\Windows\system32\DRIVERS\athr.sys 724992 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8C4D0000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x86E7C000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B203000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80605000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x83279000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80410000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAA00A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83213000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xAA17B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8C427000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x80737000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C18C000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80499000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B908000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B290000 C:\Windows\system32\DRIVERS\yk60x86.sys 258048 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x86F28000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B39E000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x86F88000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x86C2D000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAA102000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x86D78000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B56D000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82FCE000 ACPI_HAL 208896 bytes
0x82FCE000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x805C4000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C15A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B8D9000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80796000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8BDB9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x86C02000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B543000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C590000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8B4F5000 C:\Windows\system32\DRIVERS\Apfiltr.sys 167936 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xAA153000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x86DC8000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8C109000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806E5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B5B3000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8C403000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8B976000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x86E09000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAA0C2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8B5D8000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAA0E3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807DB000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAA077000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8C0EE000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C4AD000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAA094000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B52A000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAA13B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x86FDE000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B954000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xACF79000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xACF58000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8C1D4000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C130000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAA0AD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B9BC000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xACEF9000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B9A8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C146000 C:\Windows\SYSTEM32\DRIVERS\SMB.SYS 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B4D7000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8C5C4000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x86F75000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xACF0E000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x86DEF000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B5A2000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80480000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x83203000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x86FC4000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8C580000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807C3000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B380000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8B9D1000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x86E69000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8C49E000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x86DB9000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B999000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x86F66000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80728000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8B390000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96510000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8C1EA000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8B3F2000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B3DB000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80788000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C472000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8BFBE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8B9ED000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80681000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xACF4C000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xACEED000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BFF4000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B1EF000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8C47F000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8B4EA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xACF6E000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8B51E000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8BDEE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B96B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B949000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x86E55000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86F1D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071E000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8C48A000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8C494000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x805BA000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8B9E3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C5BA000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x86FD4000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xACEE3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x86E2A000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8BFCD000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8AC00000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xACF8F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x83270000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8B3E9000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x964F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x86E60000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807D3000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80491000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86FF5000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BFE4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BDE6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B8D1000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x86DB1000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xACF20000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8BFDD000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8BFED000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80781000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8BFD6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8B4D0000 C:\Windows\System32\Drivers\SonyNC.sys 28672 bytes (Sony Corporation, Sony Firmware Extension Parser driver)
0x86E78000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAA1E1000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8071B000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B9E1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C1F8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8BFCB000 C:\Windows\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0x8BFCC000 C:\Windows\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0x8C1FA000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Users\sorgalim\AppData\Local\temp\~DF10A9.tmp::$DATA
!-->[Hidden] C:\Users\sorgalim\AppData\Local\temp\~DF1346.tmp::$DATA
!-->[Hidden] C:\Users\sorgalim\AppData\Local\temp\~DF1851.tmp::$DATA
!-->[Hidden] C:\Users\sorgalim\AppData\Local\temp\~DF26.tmp::$DATA
!-->[Hidden] C:\Users\sorgalim\AppData\Local\temp\~DF8916.tmp
!-->[Hidden] C:\Users\sorgalim\AppData\Local\temp\~DF8960.tmp
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x82CBD7AA-->82CBD7B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x82E254FA-->8324606C [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x82E05DA3-->83246096 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x82E257BD-->83246082 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x82C409D2-->83246058 [mfehidk.sys]
[1076]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1076]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1076]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1076]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1076]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1076]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1076]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1108]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1108]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1108]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1108]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1120]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1120]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1120]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1120]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1260]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1260]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1260]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1260]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1372]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1372]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1372]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1372]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1372]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1372]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x772CD690-->00000000 [unknown_code_page]
[1372]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x772CF3A4-->00000000 [unknown_code_page]
[1372]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77316DDF-->00000000 [unknown_code_page]
[1372]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x772CDB09-->00000000 [unknown_code_page]
[1372]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1520]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1520]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1520]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1520]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1816]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1816]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1816]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1816]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1816]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1816]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[1964]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[1964]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[1964]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[1964]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[1964]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[1964]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x772CD690-->00000000 [unknown_code_page]
[1964]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x772CF3A4-->00000000 [unknown_code_page]
[1964]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77316DDF-->00000000 [unknown_code_page]
[1964]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x772CDB09-->00000000 [unknown_code_page]
[1964]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[2076]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2076]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2076]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2076]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2260]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[2260]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[2260]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[2260]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[2260]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[2260]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[2260]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[3068]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[3068]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[3068]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[3068]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[3068]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[3068]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[3236]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[3236]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[3236]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[3236]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[3236]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[3816]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [McProxy.dll]
[3816]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [McProxy.dll]
[680]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[680]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[680]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[680]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[680]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[680]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[680]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[6908]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[712]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[712]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[712]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[712]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[712]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[712]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[884]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[884]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[884]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[884]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[884]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[884]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[948]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[948]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[948]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[948]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[948]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[948]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x773E3BA9-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x773E39AB-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x773F41F1-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x773F391E-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x773E89C7-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x773F7C42-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77407BA1-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x773FE2B5-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75D5CE5F-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75D5AECB-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D12EF5-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D15C0C-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D38E6E-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D11C28-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D11BF3-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75D5903B-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D119C9-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D11929-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D394DC-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D394B4-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D39109-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D39362-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D11DC3-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D3DBDA-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75DA5CF7-->00000000 [unknown_code_page]
[988]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x775443D4-->00000000 [unknown_code_page]
[988]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77544494-->00000000 [unknown_code_page]
[988]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77544D34-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x772CD690-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x772CF3A4-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77316DDF-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x772CDB09-->00000000 [unknown_code_page]
[988]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770236D1-->00000000 [unknown_code_page]

I hope this shows the problem.
hello1
Active Member
 
Posts: 10
Joined: October 11th, 2010, 12:02 am

Re: malware removal software and iexplorer wont load

Post by peku006 » October 19th, 2010, 3:25 am

Hi hello1

We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here.

When finished, it will produce a log for you. Please include C:\ComboFix.txt in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware removal software and iexplorer wont load

Post by hello1 » October 20th, 2010, 3:10 pm

Hello peku006,

I was just wondering if it would be OK to run ComboFix in safe mode; that way I would be sure my antivirus is disabled.
hello1
Active Member
 
Posts: 10
Joined: October 11th, 2010, 12:02 am

Re: malware removal software and iexplorer wont load

Post by peku006 » October 21st, 2010, 4:33 am

Hi hello1
"I was just wondering if it would be ok to run combofix in safe mode"

It would be better to run it in normal mode.

Did you read this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware removal software and iexplorer wont load

Post by hello1 » October 23rd, 2010, 3:37 am

I just finished running combofix and here's the log file it made:

ComboFix 10-10-22.04 - sorgalim 10/23/2010 1:44.7.2 - x86
Microsoft® Windows Vista™ Home Premium

6.0.6002.2.1252.1.1033.18.1014.255 [GMT -5:00]
Running from: c:\users\sorgalim\Desktop\Combo1.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-

4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions

)))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\pswi_preloaded.exe
c:\users\sorgalim\did.exe
c:\users\sorgalim\Join32.exe
c:\users\sorgalim\kidzui_installer.exe
c:\users\sorgalim\rk.com
c:\users\sorgalim\rkill.com
c:\windows\Downloaded Program

Files\f3initialsetup1.0.1.0.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-23 to

2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 07:02 . 2010-10-23 07:03 -------- d--

---w- c:\users\sorgalim\AppData\Local\temp
2010-10-23 07:02 . 2010-10-23 07:02 -------- d--

---w- c:\users\Default\AppData\Local\temp
2010-10-18 03:01 . 2010-10-18 03:01 6656 ----a-w-

c:\windows\system32\75EC88C4.exe
2010-10-17 19:45 . 2010-09-13 13:56 168960 ----a-w-

c:\program files\Windows Media Player\wmplayer.exe
2010-10-17 19:45 . 2010-09-13 13:56 8147456 ----a-w-

c:\windows\system32\wmploc.DLL
2010-10-17 19:44 . 2010-09-06 16:20 125952 ----a-w-

c:\windows\system32\srvsvc.dll
2010-10-17 19:44 . 2010-09-06 13:45 304128 ----a-w-

c:\windows\system32\drivers\srv.sys
2010-10-17 19:44 . 2010-09-06 13:45 145408 ----a-w-

c:\windows\system32\drivers\srv2.sys
2010-10-17 19:44 . 2010-09-06 13:45 102400 ----a-w-

c:\windows\system32\drivers\srvnet.sys
2010-10-17 19:44 . 2010-09-06 16:19 17920 ----a-w-

c:\windows\system32\netevent.dll
2010-10-17 19:43 . 2010-08-10 15:53 274944 ----a-w-

c:\windows\system32\schannel.dll
2010-10-17 19:43 . 2010-06-28 17:00 1316864 ----a-w-

c:\windows\system32\ole32.dll
2010-10-17 19:43 . 2010-06-28 14:54 339968 ----a-w-

c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-17 19:43 . 2010-08-26 16:37 157184 ----a-w-

c:\windows\system32\t2embed.dll
2010-10-17 19:43 . 2010-08-31 15:46 954752 ----a-w-

c:\windows\system32\mfc40.dll
2010-10-17 19:43 . 2010-08-31 15:46 954288 ----a-w-

c:\windows\system32\mfc40u.dll
2010-10-17 19:43 . 2010-08-31 13:27 2038272 ----a-w-

c:\windows\system32\win32k.sys
2010-10-17 19:43 . 2010-05-04 19:13 231424 ----a-w-

c:\windows\system32\msshsq.dll
2010-10-17 19:43 . 2010-08-20 16:05 867328 ----a-w-

c:\windows\system32\wmpmde.dll
2010-10-17 19:43 . 2010-08-31 15:44 531968 ----a-w-

c:\windows\system32\comctl32.dll
2010-10-17 19:35 . 2010-09-09 22:52 6084944 ----a-w-

c:\programdata\Microsoft\Windows Defender\Definition

Updates\{274B8D77-CA28-4C19-B06C-FC6946AA22DB}\mpengine.dll
2010-10-17 02:01 . 2010-10-17 02:01 -------- d--

---w- C:\rsit
2010-10-17 02:01 . 2010-10-17 02:01 -------- d--

---w- c:\program files\trend micro
2010-10-14 06:16 . 2010-10-14 06:16 388096 ----a-r-

c:\users\sorgalim\AppData\Roaming\Microsoft\Installer\{45A66

726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 06:16 . 2010-10-14 06:16 -------- d--

---w- c:\program files\winlogon
2010-10-09 01:18 . 2010-06-08 17:35 3548040 ----a-w-

c:\windows\system32\ntoskrnl.exe
2010-10-09 01:18 . 2010-06-08 17:35 3600768 ----a-w-

c:\windows\system32\ntkrnlpa.exe
2010-10-09 01:10 . 2010-06-18 17:31 36864 ----a-w-

c:\windows\system32\rtutils.dll
2010-10-09 01:09 . 2010-06-22 13:30 2048 ----a-w-

c:\windows\system32\tzres.dll
2010-10-09 01:05 . 2010-05-27 20:08 81920 ----a-w-

c:\windows\system32\iccvid.dll
2010-10-09 01:04 . 2010-01-06 15:39 1696256 ----a-w-

c:\windows\system32\gameux.dll
2010-10-09 01:04 . 2010-04-16 16:43 28672 ----a-w-

c:\windows\system32\Apphlpdm.dll
2010-10-09 01:04 . 2010-04-16 14:39 4240384 ----a-w-

c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-07 08:40 . 2010-10-07 08:40 -------- d--

---w- c:\program files\Windows Portable Devices
2010-10-07 08:22 . 2009-09-10 02:00 92672 ----a-w-

c:\windows\system32\UIAnimation.dll
2010-10-07 08:22 . 2009-09-10 02:01 3023360 ----a-w-

c:\windows\system32\UIRibbon.dll
2010-10-07 08:22 . 2009-09-10 02:00 1164800 ----a-w-

c:\windows\system32\UIRibbonRes.dll
2010-10-07 08:20 . 2009-10-08 21:07 4096 ----a-w-

c:\windows\system32\oleaccrc.dll
2010-10-07 08:20 . 2009-10-08 21:08 555520 ----a-w-

c:\windows\system32\UIAutomationCore.dll
2010-10-07 08:20 . 2009-10-08 21:08 234496 ----a-w-

c:\windows\system32\oleacc.dll
2010-10-07 01:15 . 2010-06-11 16:15 1248768 ----a-w-

c:\windows\system32\msxml3.dll
2010-10-07 01:14 . 2010-04-16 16:46 502272 ----a-w-

c:\windows\system32\usp10.dll
2010-10-06 21:27 . 2010-08-17 14:11 128000 ----a-w-

c:\windows\system32\spoolsv.exe
2010-10-06 21:26 . 2010-06-17 18:08 10926592 ---

-a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-10-06 21:26 . 2010-06-17 16:16 150016 ----a-w-

c:\program files\Movie Maker\MOVIEMK.exe
2010-10-06 21:26 . 2009-10-23 17:10 714240 ----a-w-

c:\windows\system32\timedate.cpl
2010-10-06 21:26 . 2010-04-05 17:02 317952 ----a-w-

c:\windows\system32\MP4SDECD.DLL
2010-10-06 20:45 . 2010-10-06 20:45 -------- d--

---w- c:\users\sorgalim\AppData\Roaming\McAfee
2010-10-06 09:37 . 2010-01-25 12:00 471552 ----a-w-

c:\windows\system32\secproc_isv.dll
2010-10-06 09:37 . 2010-01-25 12:00 471552 ----a-w-

c:\windows\system32\secproc.dll
2010-10-06 09:37 . 2010-01-25 08:21 526336 ----a-w-

c:\windows\system32\RMActivate_isv.exe
2010-10-06 09:37 . 2010-01-25 08:21 346624 ----a-w-

c:\windows\system32\RMActivate_ssp_isv.exe
2010-10-06 09:37 . 2010-01-25 08:21 347136 ----a-w-

c:\windows\system32\RMActivate_ssp.exe
2010-10-06 09:37 . 2010-01-25 08:21 518144 ----a-w-

c:\windows\system32\RMActivate.exe
2010-10-06 09:37 . 2010-01-25 12:00 152576 ----a-w-

c:\windows\system32\secproc_ssp_isv.dll
2010-10-06 09:37 . 2010-01-25 12:00 152064 ----a-w-

c:\windows\system32\secproc_ssp.dll
2010-10-06 09:37 . 2010-01-25 11:58 332288 ----a-w-

c:\windows\system32\msdrm.dll
2010-10-06 09:32 . 2010-08-17 10:52 2409784 ----a-w-

c:\program files\Windows Mail\OESpamFilter.dat
2010-10-06 09:32 . 2010-06-16 16:04 905088 ----a-w-

c:\windows\system32\drivers\tcpip.sys
2010-10-06 09:31 . 2010-05-27 20:08 739328 ----a-w-

c:\windows\system32\inetcomm.dll
2010-10-06 08:53 . 2009-09-10 14:58 1418752 ----a-w-

c:\program files\Windows Media Player\setup_wm.exe
2010-10-06 08:53 . 2009-09-10 14:58 310784 ----a-w-

c:\windows\system32\unregmp2.exe
2010-10-06 03:36 . 2010-10-06 04:04 -------- d--

---w- C:\Combo-Fix
2010-10-06 02:50 . 2010-10-06 02:56 -------- d--

---w- c:\users\sorgalim\AppData\Roaming\ImgBurn
2010-10-06 02:31 . 2010-10-06 02:31 -------- d--

---w- c:\users\sorgalim\AppData\Local\Threat Expert
2010-10-06 02:31 . 2010-10-06 02:31 -------- d--

---w- c:\program files\ImgBurn
2010-10-05 22:43 . 2010-10-06 21:22 -------- d--

---w- C:\TDSSKiller_Quarantine
2010-09-27 06:23 . 2010-09-27 06:23 -------- d--

---w- c:\program files\HJT
2010-09-27 04:48 . 2010-10-06 22:44 -------- d--

---w- c:\program files\Mal
2010-09-26 22:35 . 2010-10-05 01:14 -------- d--

---w- c:\users\sorgalim\ProcessExplorer
2010-09-26 22:20 . 2010-09-27 04:37 -------- d--

---w- c:\program files\MAW
2010-09-26 21:54 . 2010-10-05 04:19 -------- d--

---w- c:\users\sorgalim\malware_remove
2010-09-26 21:21 . 2010-09-26 21:21 -------- d--

---w- c:\program files\Enigma Software Group
2010-09-26 21:20 . 2010-10-07 04:16 -------- d--

---w- c:\windows\CED3DF1E01D145ADBF3364AE5E8843B8.TMP
2010-09-26 21:20 . 2010-09-26 21:20 -------- d--

---w- c:\program files\Common Files\Wise Installation

Wizard
2010-09-26 20:59 . 2010-10-06 21:37 -------- d--

---w- c:\programdata\PC Tools
2010-09-26 20:54 . 2010-09-26 20:54 -------- d--

---w- C:\!KillBox
2010-09-25 03:52 . 2010-09-25 06:36 -------- d--

---w- c:\programdata\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report

))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 21:55 . 2009-09-24 15:12 66560 ----a-w-

c:\windows\system32\drivers\smb.sys
2010-09-23 03:10 . 2010-09-23 03:10 66560 ----a-w-

c:\windows\system32\drivers\sdjpfned.sys
2010-09-22 06:46 . 2010-09-22 06:45 3446576 ----a-w-

c:\users\sorgalim\errorfix.exe
2010-09-19 06:04 . 2010-09-19 06:04 4227960 ----a-w-

c:\users\sorgalim\WRCFree.exe
2010-09-19 05:27 . 2010-09-19 05:27 5057776 ----a-w-

c:\users\sorgalim\ParetoLogic PC Health Advisor.exe
2010-09-16 04:17 . 2010-09-16 07:12 133582520 ---

-a-w- c:\users\sorgalim\Ad-AwareInstall.exe
2010-09-14 11:54 . 2010-09-14 11:54 66560 ----a-w-

c:\windows\system32\drivers\kubvhnfi.sys
2010-09-08 22:04 . 2010-09-08 22:02 14985616 ---

-a-w- c:\users\sorgalim\mpas-fe.exe
2010-09-08 16:08 . 2010-09-08 19:24 15395728 ---

-a-w- c:\users\sorgalim\fel.exe
2010-08-24 19:57 . 2010-04-15 07:57 9344 ----a-w-

c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-04-15 07:55 84264 ----a-w-

c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-04-15 07:55 64304 ----a-w-

c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 19:57 . 2010-04-15 07:55 164808 ----a-w-

c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 19:57 . 2010-04-15 07:55 386712 ----a-w-

c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57 . 2010-04-15 07:55 312904 ----a-w-

c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-04-15 07:55 95600 ----a-w-

c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2010-04-15 07:55 55840 ----a-w-

c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2009-01-14 00:29 52104 ----a-w-

c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2009-01-14 00:29 152992 ----a-w-

c:\windows\system32\drivers\mfeavfk.sys
2010-08-07 05:48 . 2010-08-07 05:48 8558288 ----a-w-

c:\users\sorgalim\FCTBSetup.exe
2010-08-07 05:39 . 2010-08-07 05:38 12839035 ---

-a-w- c:\users\sorgalim\FreeSoundRecorder.exe
2010-08-07 05:33 . 2010-08-07 05:32 1405456 ----a-w-

c:\users\sorgalim\AAudioSetup.exe
2010-08-07 05:17 . 2010-08-07 05:17 1686016 ----a-w-

c:\users\sorgalim\ACamSetup.exe
.

------- Sigcheck -------

[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 .

. [8.00.6001.18702] . .

c:\windows\SoftwareDistribution\Download\084425f324bab37637b

0082391287093\x86_microsoft-windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958

f24909fe6f\iexplore.exe
[7] 2010-06-26 . 7420BE0E7D3D1320054F7ACA0594953D . 638232 .

. [8.00.6001.18702] . .

c:\windows\SoftwareDistribution\Download\084425f324bab37637b

0082391287093\x86_microsoft-windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6

c92fe9748f\iexplore.exe
[7] 2010-05-04 . 48A6109E8DF0365195298CC527B7426A . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb

5048e98eab\iexplore.exe
[7] 2010-05-04 . 5C9B1062EA7A44E8F6BFDE994B68C7AA . 638232 .

. [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[-] 2010-05-04 06:00 . !HASH: COULD NOT OPEN FILE !!!!! .

638232 . . [------] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88

132fd4bb60\iexplore.exe
[7] 2010-02-23 . 25DB705A7DC85C208B3CF2D20F118AA7 . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872

a6492dd595\iexplore.exe
[7] 2010-02-23 . 9F52FBE99C749E3F32C75124F09F1B03 . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26

c32fc81e22\iexplore.exe
[7] 2010-01-02 . 3D8DA00B028DEA9517066F1CECBFC4A2 . 638216 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11

ea491f6b05\iexplore.exe
[7] 2010-01-02 . 88BD42DAE7CFFEB256CA7145A15E4843 . 638216 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4

e9300acdd5\iexplore.exe
[7] 2009-11-21 . E7F8DF50E483D165BB01F367D3519AA7 . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2

a0490c7f28\iexplore.exe
[7] 2009-11-21 . 1B6362BB14FCEB9E76BCF9A953B04788 . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f45

9f2ff7e1f8\iexplore.exe
[7] 2009-08-27 . 7DD482E4A2E3CBB0A72F718C342F5B75 . 638216 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2

e448ea4212\iexplore.exe
[7] 2009-08-27 . 2E48756F12C21F46895036AC089AAD97 . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d86

2d2fd4be39\iexplore.exe
[7] 2009-07-22 . 4B5AEA50CE77FBA4C2D169622DC9B489 . 638232 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c1

5e48e6a76e\iexplore.exe
[7] 2009-07-21 . C33BD196A0301F9B23D9A003D30ED8B0 . 638216 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354

a72fd12395\iexplore.exe
[7] 2009-07-18 . 1D8163DBFECAEDB9C48C5F55084BC491 . 634648 .

. [7.00.6001.18294] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5

b11a43dbec\iexplore.exe
[7] 2009-07-18 . 1D5A01AA2DE47C052AF46D7EBCB003A3 . 634648 .

. [7.00.6000.16890] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75

e31d20e59f\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 .

. [7.00.6000.21089] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd

56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 .

. [7.00.6001.22475] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f4

8433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 .

. [7.00.6000.16851] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5

dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 .

. [7.00.6001.18248] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6

751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 .

. [7.00.6000.21046] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc

283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 .

. [7.00.6001.22418] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4

ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 .

. [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d79

1517204c15\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 .

. [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22

632fc9f126\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 .

. [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265

b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 .

. [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23

da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 .

. [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b55

6b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 .

. [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b

2236034119\iexplore.exe
[7] 2009-01-15 . F0B1CA517977BA2FF6DA33F1B966C488 . 634024 .

. [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa14

6a36391d73\iexplore.exe
[7] 2009-01-15 . 0844F5B9CB3BB85A917D347EF1565B6C . 634024 .

. [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7

c91ccfce35\iexplore.exe
[7] 2008-10-16 . D762642A109433EEDCD332B0A9511137 . 634024 .

. [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4

e91d04fa01\iexplore.exe
[7] 2008-10-16 . 4CBA2F58668F2D5F3259CBE73E227F25 . 634024 .

. [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf4

3c36078f24\iexplore.exe
[7] 2008-10-02 . 19403B64906C9EAC627E3C10847B0FDA . 633632 .

. [7.00.6000.16757] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5

b31cfa2a15\iexplore.exe
[7] 2008-10-02 . 6655B851D9EEF7C83395EE52D551B448 . 633632 .

. [7.00.6000.20927] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c4

2835ff7333\iexplore.exe
[7] 2008-09-09 . 157F8DE991396C536820D7FA5C8DCF7D . 625664 .

. [7.00.6000.16711] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3

a71cdf2247\iexplore.exe
[7] 2008-09-09 . 4DBD95312B1C96C5285D38F1D748CD4D . 625664 .

. [7.00.6000.20868] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82

dc361eff27\iexplore.exe
[7] 2008-01-19 . 5B92133D3E7FB2644677686305E29E81 . 625664 .

. [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f6200

0919fe80c9\iexplore.exe
[7] 2007-08-26 . 9B3516C1F30DA17ADD3818573047D63C . 625152 .

. [7.00.6000.20583] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.20583_none_2db1db

e03633c0e1\iexplore.exe
[7] 2007-08-26 . 10BDB55982586A432A3951EB19A26009 . 625152 .

. [7.00.6000.16473] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16473_none_2d330f

011d0e0526\iexplore.exe
[7] 2006-11-02 . 8308F01F27DF839E0010B0F72F855E35 . 623616 .

. [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-

windows-ie-

internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e

0d1d136ff5\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points

))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio

n\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-

E089D32B38DD}]
2007-08-15 16:42 303104 ------w-

c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion

\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19

125952]
"WMPNSCFG"="c:\program files\Windows Media

Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio

n\Run]
"Windows Defender"="c:\program files\Windows

Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 4489216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29

137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29

154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29

133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08

118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"

[2007-06-12 317560]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-12-01

497376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12

\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program

files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program

files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program

files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Skytel"="Skytel.exe" [2007-06-25 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe"

[2010-06-25 1193848]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe"

[2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3

\brctrcen.exe" [2009-01-09 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio

n\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows

nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w-

c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoo

t\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoo

t\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoo

t\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start

Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed

Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start

Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat

Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon

Startup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=c:\windows\pss\Reality Fusion GameCam

SE.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sorgalim^AppData^Roaming^Micr

osoft^Windows^Start Menu^Programs^Startup^LimeWire On

Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Users^sorgalim^AppData^Roaming^Micr

osoft^Windows^Start Menu^Programs^Startup^OneNote 2007

Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and

Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program

files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\DW6]
2008-06-10 21:18 785520 ------w- c:\program

files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\QuickTime Task]
2009-09-29 00:30 28672 ----a-w-

c:\windows\System32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\RealTray]
2008-09-09 23:24 20480 ----a-w- c:\program

files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-26 21:43 77824 ----a-w- c:\program

files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\VAIO Center Access Bar]
2007-06-21 23:54 53248 ----a-w- c:\program

files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program

files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\VWLASU]
2007-07-12 18:31 45056 ----a-w- c:\program

files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security

center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security

center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security

center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 fwrjxbg;fwrjxbg;c:\windows\System32\drivers\pykhfd.sys

[x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware

Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe

[x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program

files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32

\drivers\mferkdet.sys [2010-08-24 84264]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32

\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32

\drivers\mfewfpk.sys [2010-08-24 164808]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor

Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe

[2010-05-20 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program

files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10

271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program

files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10

271480]
S2 mfefire;McAfee Firewall Core Service;c:\program

files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-

24 188136]
S2 mfevtp;McAfee Validation Trust Protection

Service;c:\program files\Common

Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NSUService;NSUService;c:\program files\Sony\Network

Utility\NSUService.exe [2007-06-29 200704]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32

\drivers\cfwids.sys [2010-08-24 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32

\drivers\mfefirek.sys [2010-08-24 312904]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows

nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-

{5AEE247A-956D-47E6-9D9E-512F81518B73}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]

2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-

{71175874-2CFD-4E43-8EED-DFC87258B26B}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-

{8DD838EA-B9DD-4B13-9C4E-EBA90BA1A25C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-

{EB2E239E-B845-49C6-9F1A-E479D6E8659C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar =

hxxp://us.rd.yahoo.com/customize/ie/def ... sgr8/*http:

//www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?

fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar

4.0\resources\en-US\local\search.html
IE: &Google Search - c:\program

files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program

files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program

files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3

\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program

files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Si&milar Pages - c:\program

files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program

files\Google\googletoolbar.dll/cmtrans.html
Trusted Zone: convergysworkathome.com\www
Trusted Zone: internet
Trusted Zone: kidzui.com\www
Trusted Zone: mcafee.com
.

************************************************************

**************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware

detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 02:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************

**************
.
Completion time: 2010-10-23 02:09:56
ComboFix-quarantined-files.txt 2010-10-23 07:09
ComboFix2.txt 2010-10-08 06:48
ComboFix3.txt 2010-10-07 04:54
ComboFix4.txt 2010-10-07 01:58
ComboFix5.txt 2010-10-23 06:38

Pre-Run: 53,700,124,672 bytes free
Post-Run: 53,687,795,712 bytes free

- - End Of File - - BDC43602968CD3B78F94001175460A93
hello1
Active Member
 
Posts: 10
Joined: October 11th, 2010, 12:02 am

Re: malware removal software and iexplorer wont load

Unread postby peku006 » October 23rd, 2010, 4:16 am

Hi hello1

Can you repost the C:\ComboFix.txt, and this time turn off word wrap in Notepad?

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware removal software and iexplorer wont load

Unread postby hello1 » October 23rd, 2010, 10:00 pm

hi peku006,

here's the repost:

ComboFix 10-10-22.04 - sorgalim 10/23/2010 1:44.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.255 [GMT -5:00]
Running from: c:\users\sorgalim\Desktop\Combo1.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\pswi_preloaded.exe
c:\users\sorgalim\did.exe
c:\users\sorgalim\Join32.exe
c:\users\sorgalim\kidzui_installer.exe
c:\users\sorgalim\rk.com
c:\users\sorgalim\rkill.com
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 07:02 . 2010-10-23 07:03 -------- d-----w- c:\users\sorgalim\AppData\Local\temp
2010-10-23 07:02 . 2010-10-23 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-18 03:01 . 2010-10-18 03:01 6656 ----a-w- c:\windows\system32\75EC88C4.exe
2010-10-17 19:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-17 19:45 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-17 19:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-17 19:44 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-17 19:44 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-17 19:44 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-17 19:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-17 19:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-17 19:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-17 19:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-17 19:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-17 19:43 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-17 19:43 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-17 19:43 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-17 19:43 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-17 19:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-17 19:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-17 19:35 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{274B8D77-CA28-4C19-B06C-FC6946AA22DB}\mpengine.dll
2010-10-17 02:01 . 2010-10-17 02:01 -------- d-----w- C:\rsit
2010-10-17 02:01 . 2010-10-17 02:01 -------- d-----w- c:\program files\trend micro
2010-10-14 06:16 . 2010-10-14 06:16 388096 ----a-r- c:\users\sorgalim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 06:16 . 2010-10-14 06:16 -------- d-----w- c:\program files\winlogon
2010-10-09 01:18 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-09 01:18 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-09 01:10 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-10-09 01:09 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-09 01:05 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-09 01:04 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-09 01:04 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-09 01:04 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-07 08:40 . 2010-10-07 08:40 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-07 08:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-07 08:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-07 08:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-07 08:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-07 08:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-07 08:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-07 01:15 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-10-07 01:14 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-10-06 21:27 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-06 21:26 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-10-06 21:26 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-10-06 21:26 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-10-06 21:26 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-06 20:45 . 2010-10-06 20:45 -------- d-----w- c:\users\sorgalim\AppData\Roaming\McAfee
2010-10-06 09:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-10-06 09:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-10-06 09:37 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-10-06 09:37 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-10-06 09:37 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-10-06 09:37 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-10-06 09:37 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-10-06 09:37 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-10-06 09:37 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-10-06 09:32 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-10-06 09:32 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-06 09:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-06 08:53 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-10-06 08:53 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-06 03:36 . 2010-10-06 04:04 -------- d-----w- C:\Combo-Fix
2010-10-06 02:50 . 2010-10-06 02:56 -------- d-----w- c:\users\sorgalim\AppData\Roaming\ImgBurn
2010-10-06 02:31 . 2010-10-06 02:31 -------- d-----w- c:\users\sorgalim\AppData\Local\Threat Expert
2010-10-06 02:31 . 2010-10-06 02:31 -------- d-----w- c:\program files\ImgBurn
2010-10-05 22:43 . 2010-10-06 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-27 06:23 . 2010-09-27 06:23 -------- d-----w- c:\program files\HJT
2010-09-27 04:48 . 2010-10-06 22:44 -------- d-----w- c:\program files\Mal
2010-09-26 22:35 . 2010-10-05 01:14 -------- d-----w- c:\users\sorgalim\ProcessExplorer
2010-09-26 22:20 . 2010-09-27 04:37 -------- d-----w- c:\program files\MAW
2010-09-26 21:54 . 2010-10-05 04:19 -------- d-----w- c:\users\sorgalim\malware_remove
2010-09-26 21:21 . 2010-09-26 21:21 -------- d-----w- c:\program files\Enigma Software Group
2010-09-26 21:20 . 2010-10-07 04:16 -------- d-----w- c:\windows\CED3DF1E01D145ADBF3364AE5E8843B8.TMP
2010-09-26 21:20 . 2010-09-26 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-26 20:59 . 2010-10-06 21:37 -------- d-----w- c:\programdata\PC Tools
2010-09-26 20:54 . 2010-09-26 20:54 -------- d-----w- C:\!KillBox
2010-09-25 03:52 . 2010-09-25 06:36 -------- d-----w- c:\programdata\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 21:55 . 2009-09-24 15:12 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2010-09-23 03:10 . 2010-09-23 03:10 66560 ----a-w- c:\windows\system32\drivers\sdjpfned.sys
2010-09-22 06:46 . 2010-09-22 06:45 3446576 ----a-w- c:\users\sorgalim\errorfix.exe
2010-09-19 06:04 . 2010-09-19 06:04 4227960 ----a-w- c:\users\sorgalim\WRCFree.exe
2010-09-19 05:27 . 2010-09-19 05:27 5057776 ----a-w- c:\users\sorgalim\ParetoLogic PC Health Advisor.exe
2010-09-16 04:17 . 2010-09-16 07:12 133582520 ----a-w- c:\users\sorgalim\Ad-AwareInstall.exe
2010-09-14 11:54 . 2010-09-14 11:54 66560 ----a-w- c:\windows\system32\drivers\kubvhnfi.sys
2010-09-08 22:04 . 2010-09-08 22:02 14985616 ----a-w- c:\users\sorgalim\mpas-fe.exe
2010-09-08 16:08 . 2010-09-08 19:24 15395728 ----a-w- c:\users\sorgalim\fel.exe
2010-08-24 19:57 . 2010-04-15 07:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-04-15 07:55 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-04-15 07:55 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 19:57 . 2010-04-15 07:55 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 19:57 . 2010-04-15 07:55 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57 . 2010-04-15 07:55 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-04-15 07:55 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2010-04-15 07:55 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2009-01-14 00:29 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2009-01-14 00:29 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-07 05:48 . 2010-08-07 05:48 8558288 ----a-w- c:\users\sorgalim\FCTBSetup.exe
2010-08-07 05:39 . 2010-08-07 05:38 12839035 ----a-w- c:\users\sorgalim\FreeSoundRecorder.exe
2010-08-07 05:33 . 2010-08-07 05:32 1405456 ----a-w- c:\users\sorgalim\AAudioSetup.exe
2010-08-07 05:17 . 2010-08-07 05:17 1686016 ----a-w- c:\users\sorgalim\ACamSetup.exe
.

------- Sigcheck -------

[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 . . [8.00.6001.18702] . . c:\windows\SoftwareDistribution\Download\084425f324bab37637b0082391287093\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-08-15 16:42 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 4489216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-12-01 497376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Skytel"="Skytel.exe" [2007-06-25 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=c:\windows\pss\Reality Fusion GameCam SE.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sorgalim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Users^sorgalim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2008-06-10 21:18 785520 ------w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-29 00:30 28672 ----a-w- c:\windows\System32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-09-09 23:24 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-26 21:43 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-06-21 23:54 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2007-07-12 18:31 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 fwrjxbg;fwrjxbg;c:\windows\System32\drivers\pykhfd.sys [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-{5AEE247A-956D-47E6-9D9E-512F81518B73}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]

2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{71175874-2CFD-4E43-8EED-DFC87258B26B}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-{8DD838EA-B9DD-4B13-9C4E-EBA90BA1A25C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-{EB2E239E-B845-49C6-9F1A-E479D6E8659C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
Trusted Zone: convergysworkathome.com\www
Trusted Zone: internet
Trusted Zone: kidzui.com\www
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 02:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-10-23 02:09:56
ComboFix-quarantined-files.txt 2010-10-23 07:09
ComboFix2.txt 2010-10-08 06:48
ComboFix3.txt 2010-10-07 04:54
ComboFix4.txt 2010-10-07 01:58
ComboFix5.txt 2010-10-23 06:38

Pre-Run: 53,700,124,672 bytes free
Post-Run: 53,687,795,712 bytes free

- - End Of File - - BDC43602968CD3B78F94001175460A93
hello1
Active Member
 
Posts: 10
Joined: October 11th, 2010, 12:02 am

Re: malware removal software and iexplorer wont load

Unread postby peku006 » October 24th, 2010, 5:12 am

Hi hello1

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\System32\drivers\pykhfd.sys
c:\windows\system32\drivers\sdjpfned.sys
c:\windows\system32\drivers\kubvhnfi.sys

Driver::
fwrjxbg




  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform full scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware removal software and iexplorer wont load

Unread postby hello1 » October 27th, 2010, 1:08 am

Hi there,

Just need to clarify: when installing Malwarebytes, does my antivirus have to be enabled, since I have to be online during installation?
hello1
Active Member
 
Posts: 10
Joined: October 11th, 2010, 12:02 am

Re: malware removal software and iexplorer wont load

Unread postby peku006 » October 27th, 2010, 2:25 am

Hi hello1
does my antivirus have to be enabled

yes
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware removal software and iexplorer wont load

Unread postby peku006 » October 30th, 2010, 11:44 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway