Redirected after Google search

Post by Magsmom » October 24th, 2010, 9:01 pm

All sorts of bad things going on. When doing Google searches, I get redirected to other sites; I can't access my favorites and can't login to my Comcast Email. Malware and McAfee scans turned up nothing.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:47 PM, on 10/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=2061007
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100919013422.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13916 bytes

Uninstall list
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
America Online (Choose which version to remove)
AnswerWorks 4.0 Runtime - English
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bonjour
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell AIO Printer 946
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
DellConnect
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Encyclopedia of Everyday Law - Personal Edition
ESPNMotion
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Guide to Investing
HDView for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Matrix Storage Manager
Internet Service Offers Launcher
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 17
Learn2 Player (Uninstall Only)
LUMIX Simple Viewer
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Works
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
NetWaiting
Network Magic
NetZeroInstallers
NVIDIA Drivers
Otto
Password Safe
Print to Fax
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
VoiceOver Kit
WD Diagnostics
WebCyberCoach 3.2 Dell
WebEx Support Manager for Internet Explorer
WexTech AnswerWorks
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB973768
Work Less, Live More
Yahoo! Anti-Spy
Yahoo! Software Update
Yahoo! Toolbar
Magsmom
Active Member
 
Posts: 12
Joined: October 24th, 2010, 8:38 pm

Re: Redirected after Google search

Post by Cypher » October 26th, 2010, 1:46 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
How to backup your data - Vista



  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Logs/Information to Post in your Next Reply

  • MGADiag log.
  • RSIT log.txt and info.txt contents.
  • Gmer.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after Google search

Post by Magsmom » October 26th, 2010, 11:29 pm

System is almost unusable - constantly locks up and I get a perpetual Generic Host Process for Win32 Services error, which I have been ignoring to get through these scans.

Diagnostic log:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-RVF66-GP7VM-8CFT3
Windows Product Key Hash: tJB30tZY737ZFJYewUg2SpzsCb0=
Windows Product ID: 76487-OEM-2211906-00825
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.2.0.med
ID: {C466C318-961D-4496-B4A0-4E986802454F}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 104 Unknown PID
Microsoft Office XP Professional - 100 Genuine
Microsoft Office Small Business Edition 2003 - 104 Unknown PID
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C466C318-961D-4496-B4A0-4E986802454F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8CFT3</PKey><PID>76487-OEM-2211906-00825</PID><PIDType>2</PIDType><SID>S-1-5-21-2865655660-47645469-1755239202</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>1.0.2 </Version><SMBIOSVersion major="2" minor="3"/><Date>20060830000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>19FF35A701841D6A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DM061</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>104</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>70E79BF5DC2A7A4</Val><Hash>sPRxYjUhHB9f+kCeNbyhLYB691A=</Hash><Pid>54186-786-5189946-17587</Pid><PidType>1</PidType></Product><Product GUID="{91CA0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>104</LegitResult><Name>Microsoft Office Small Business Edition 2003</Name><Ver>11</Ver><PidType>0</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/><App Id="16" Version="11" Result="104"/><App Id="18" Version="11" Result="104"/><App Id="19" Version="11" Result="104"/><App Id="1A" Version="11" Result="104"/><App Id="1B" Version="11" Result="104"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1ABA6:Dell Inc|1ABA6:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
Magsmom
Active Member
 
Posts: 12
Joined: October 24th, 2010, 8:38 pm

Re: Redirected after Google search

Post by Magsmom » October 26th, 2010, 11:31 pm

log.txt file:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Anne Bremner at 2010-10-26 18:03:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 130 GB (88%) free of 148 GB
Total RAM: 1022 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:04:01 PM, on 10/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Anne Bremner\Desktop\RSIT.exe
C:\Program Files\trend micro\Anne Bremner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=2061007
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100919013422.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14147 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100919013422.dll [2010-08-24 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-23 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2010-03-23 160056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2010-03-23 940856]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-07 169984]
"DLCICATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16 []
"dlcimon.exe"=C:\Program Files\Dell AIO Printer 946\dlcimon.exe [2006-02-14 430080]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-07-01 1193848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-11 68856]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Anne Bremner\Start Menu\Programs\Startup
Password Safe.lnk - C:\Program Files\Password Safe\pwsafe.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe"="C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\ehome\ehtray.exe"="C:\WINDOWS\ehome\ehtray.exe:*:Enabled:ehtray"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

======List of files/folders created in the last 1 months======

2010-10-26 18:03:39 ----D---- C:\rsit
2010-10-26 18:00:51 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-10-26 17:59:47 ----SHD---- C:\Config.Msi
2010-10-25 19:34:15 ----A---- C:\WINDOWS\msoffice.ini
2010-10-25 17:44:14 ----D---- C:\Program Files\zipit
2010-10-24 11:11:31 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 months======

2010-10-26 18:04:01 ----D---- C:\Program Files\Trend Micro
2010-10-26 18:03:58 ----D---- C:\WINDOWS\Temp
2010-10-26 18:03:53 ----D---- C:\WINDOWS\Prefetch
2010-10-26 18:02:10 ----D---- C:\Temp
2010-10-26 17:59:48 ----SHD---- C:\WINDOWS\Installer
2010-10-26 17:58:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-26 17:54:34 ----D---- C:\Program Files\Dl_cats
2010-10-26 17:54:32 ----D---- C:\WINDOWS
2010-10-26 17:54:26 ----D---- C:\Program Files\Password Safe
2010-10-26 17:53:57 ----D---- C:\WINDOWS\Registration
2010-10-26 17:53:50 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-10-25 23:01:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-25 20:08:39 ----D---- C:\Program Files\Common Files
2010-10-25 19:34:51 ----A---- C:\WINDOWS\win.ini
2010-10-25 19:34:50 ----D---- C:\WINDOWS\system32
2010-10-25 19:34:50 ----D---- C:\Program Files\Common Files\AOL
2010-10-25 19:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2010-10-25 19:34:44 ----D---- C:\Program Files
2010-10-25 19:34:40 ----D---- C:\WINDOWS\system32\drivers
2010-10-25 18:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-10-25 17:43:04 ----HD---- C:\WINDOWS\inf
2010-10-25 17:39:56 ----D---- C:\Program Files\malware
2010-10-13 18:38:42 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-05 18:56:39 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 iastor;Intel RAID Controller; C:\WINDOWS\system32\drivers\iastor.sys [2006-07-06 246784]
R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-08-24 386712]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-08-24 84072]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-10-07 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-08-24 55840]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-08-24 95600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-08-24 152992]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-08-24 52104]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-08-24 312904]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-08-24 88544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-08-24 88544]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-08-24 84264]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-08-24 171168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 dlci_device;dlci_device; C:\WINDOWS\system32\dlcicoms.exe [2006-05-11 491520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Magsmom

Re: Redirected after Google search

Post by Magsmom » October 26th, 2010, 11:47 pm

The info.txt file is too large to post, and I can't attach a file without getting kicked from the site. Splitting into two posts. Looks like I will have to do the same with the GMER.txt file.

info.txt part 1:
info.txt logfile of random's system information tool 1.08 2010-10-26 18:04:19

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell AIO Printer 946-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlciUNST.EXE -NOLICENSE
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellConnect-->MsiExec.exe /X{18525F55-9B32-4D49-BF03-D53B17A49D97}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Encyclopedia of Everyday Law - Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89BC121F-08BB-465A-8D09-3C438DD29773}\setup.exe" -l0x9 -removeonly
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guide to Investing-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0846D33-BBFD-4D87-B554-F89A1BC9F1F0}\setup.exe" -l0x9 -removeonly
HDView for Internet Explorer-->MsiExec.exe /I{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LUMIX Simple Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\zipit\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB979904)-->"C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Network Magic-->"C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe" /uninstall
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Password Safe-->"C:\Program Files\Password Safe\Uninstall.exe"
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Re: Redirected after Google search

by Magsmom » October 26th, 2010, 11:51 pm

info.txt part 2:
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VoiceOver Kit-->MsiExec.exe /I{FB26A501-6BA6-459B-89AA-9736730752FB}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890927-->C:\WINDOWS\$NtUninstallKB890927$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Work Less, Live More-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30E3F521-B91D-42E6-9E99-99B90106A51A}\setup.exe" -l0x9 -removeonly
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Re: Redirected after Google search

by Magsmom » October 27th, 2010, 12:07 am

I've tried unsuccessfully to post the last part of the info.txt and keep getting kicked out. Something does not like this file! I'd be happy to email it to you.

Here is part 1 of gmer.txt file:
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-26 21:11:55
Windows 5.1.2600 Service Pack 2
Running: 0ryypui1[1].exe; Driver: C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\uxtiqaow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF736C090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF736C0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF736C0D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF736C126]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF736C07C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF736C054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF736C068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF736C0BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF736C0FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF736C0E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF736C150]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF736C13C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF736C110]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6500360, 0x21235D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B50F7C
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B50F8D
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B50F9E
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B50FAF
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B50FD1
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B500A7
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B50F6B
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B500C2
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B50F29
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B50F0E
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B50FC0
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B5008C
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B5003D
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B5002C
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B50F44
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40040
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40FB9
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00B40076
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B4005B
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B30044
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B30033
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B30FD4
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B30018
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B10FDB
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B10FCA
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00B10FB9
.text C:\WINDOWS\system32\svchost.exe[568] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20000
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 014A0FEF
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 014A0025
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 014A0014
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FD000A
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FA000C
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01490FEF
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01490F68
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01490F83
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01490051
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01490036
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0149001B
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01490089
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01490078
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 014900DA
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 014900BF
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 014900EB
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01490F94
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01490000
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01490F57
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01490FAF
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01490FCA
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0149009A
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01150040
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011500AC
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01150FEF
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01150025
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0115009B
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 0115000A
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 01150076
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01150065
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01690011
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 01690000
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01690FAB
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01690FE3
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01690F90
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01690FC6
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01100FEF
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01100FDE
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01100FCD
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01100FB2
.text C:\WINDOWS\Explorer.EXE[752] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 014C0000
.text C:\WINDOWS\system32\services.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\services.exe[1176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\services.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A00F68
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A00F83
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A00051
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A00F9E
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A00036
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A00F1F
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A00F3C
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A000B8
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A0009D
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A00EFA
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A00FB9
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A00F57
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A00082
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A90FC3
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A9004A
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A90FDE
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00A90F83
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00A90F94
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [C9, 88]
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00A90025
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80031
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80016
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A80FB7
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A80FA6
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80FDE
.text C:\WINDOWS\system32\services.exe[1176] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\system32\services.exe[1176] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\system32\services.exe[1176] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\system32\services.exe[1176] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\services.exe[1176] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\lsass.exe[1188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F4000A
.text C:\WINDOWS\system32\lsass.exe[1188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\lsass.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F3008E
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F30073
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F30062
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F30047
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F30FB9
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F300DA
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F300B3
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F30F41
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F30F5C
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00F300FF
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00F30F88
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00F30025
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00F30F77
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01160036
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01160087
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01160FE5
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01160011
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01160FC0
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01160000
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 01160062
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01160051
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01150F9C
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!system 77C293C7 5 Bytes JMP 01150031
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01150FC1
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01150FEF
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01150016
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01150FDE
.text C:\WINDOWS\system32\lsass.exe[1188] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\lsass.exe[1188] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\lsass.exe[1188] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\lsass.exe[1188] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\system32\lsass.exe[1188] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F50FC3
? C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 014A0FE5
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 014A0011
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 014A0000
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01490FE5
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01490F72
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01490F83
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01490F9E
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01490FAF
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01490047
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01490F30
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01490F4D
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 014900A7
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01490F04
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01490EE9
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01490FC0
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01490000
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01490078
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01490036
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01490025
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01490F15
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01480FD4
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01480F9E
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01480FE5
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01480025
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01480065
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01480000
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01480FB9
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [68, 89]
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01480040
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01470F86
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] msvcrt.dll!system 77C293C7 5 Bytes JMP 01470F97
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01470FC3
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01470FEF
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01470FB2
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01470FDE
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0026000A
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00260FEF
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00260FD4
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] WININET.dll!InternetOpenUrlW 3D9A6DDF 3 Bytes JMP 00260FC3
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] WININET.dll!InternetOpenUrlW + 4 3D9A6DE3 1 Byte [C2]
.text C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe[1264] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01460FEF
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FE5
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B5007D
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B5006C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B50F92
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B5005B
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B50FB9
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B500C6
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B500A9
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B50121
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B500FC
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B50132
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B50040
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B50098
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B500EB
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B40025
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B40087
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00B40076
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B4005B
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90F97
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90FB2
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90FCD
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B9000C
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B7002F
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B20022
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B20011
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B10090
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B1007F
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B10058
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B10F9B
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B10022
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B100C8
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B100AB
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B100FE
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B100E3
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B1010F
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B1003D
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B10FE5
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B10F80
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B10FB6
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B10F65
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B00FB9
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00062
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B00FCA
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B00FE5
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B00051
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00B00040
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90F7F
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FB5
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90FE3
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90F90
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FD2
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B30FE5
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B30FD4
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[1468] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B80FEF
.text C:\Program Files\Messenger\msmsgs.exe[1536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01D60000
.text C:\Program Files\Messenger\msmsgs.exe[1536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01D60011
.text C:\Program Files\Messenger\msmsgs.exe[1536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01D60FE5
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01D5000A
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01D50F83
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01D50078
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01D5005B
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01D50FA8
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01D50FD4
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01D500C1
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01D500A4
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01D500FE
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01D500ED
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01D50F4A
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01D50FC3
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01D5001B
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01D50089
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01D50040
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01D50FE5
.text C:\Program Files\Messenger\msmsgs.exe[1536] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01D500D2
.text C:\Program Files\Messenger\msmsgs.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01D3004B
.text C:\Program Files\Messenger\msmsgs.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 01D3003A
.text C:\Program Files\Messenger\msmsgs.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01D30FE5
.text C:\Program Files\Messenger\msmsgs.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01D30000
.text C:\Program Files\Messenger\msmsgs.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01D30FD4
.text C:\Program Files\Messenger\msmsgs.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01D30029
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01D4002F
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01D40F7C
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01D40FD4
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01D40FE5
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01D40F97
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01D40000
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01D40FB2
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [F4, 89]
.text C:\Program Files\Messenger\msmsgs.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01D40FC3
.text C:\Program Files\Messenger\msmsgs.exe[1536] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01D20FEF
.text C:\Program Files\Messenger\msmsgs.exe[1536] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1536] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF000A
.text C:\Program Files\Messenger\msmsgs.exe[1536] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FD4
.text C:\Program Files\Messenger\msmsgs.exe[1536] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0025
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 04000FEF
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04000025
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 04000014
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D0000A
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BC000C
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03FF0000
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03FF0F7E
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03FF0073
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03FF0062
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03FF0FA5
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03FF003D
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03FF0F63
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 03FF00A9
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03FF0F26
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03FF0F37
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 03FF00D0
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 03FF0FB6
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 03FF0FE5
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 03FF0098
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 03FF002C
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 03FF001B
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 03FF0F52
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04030036
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0403007D
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04030025
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0403000A
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0403006C
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 04030FEF
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 04030FCA
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [23, 8C]
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 04030051
.text C:\WINDOWS\System32\svchost.exe[1596] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0097000A
.text C:\WINDOWS\System32\svchost.exe[1596] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00D8000A
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04020051
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!system 77C293C7 5 Bytes JMP 04020FBC
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0402001B
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04020000
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0402002C
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04020FD7
.text C:\WINDOWS\System32\svchost.exe[1596] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03FE0FEF
.text C:\WINDOWS\System32\svchost.exe[1596] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03FE0014
.text C:\WINDOWS\System32\svchost.exe[1596] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03FE0FD4
.text C:\WINDOWS\System32\svchost.exe[1596] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03FE0FC3
.text C:\WINDOWS\System32\svchost.exe[1596] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 04010FEF
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0022
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B9009D
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B9008C
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B90FB2
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B90065
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B90F5C
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoA 7C801EEE 3 Bytes JMP 00B90F83
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoA + 4 7C801EF2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B90F41
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B900DA
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B90F30
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B90054
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B900AE
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B90014
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B900C9
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80025
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80FA1
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80014
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B80FB2
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00B80FC3
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B8004A
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD003D
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FCD
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FBC
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\system32\svchost.exe[1780] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A9001B
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A90FE5
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A8009A
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A8007F
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A80FA5
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A80062
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A80036
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A800C1
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A80F79
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A80F39
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A80F4A
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A800E3
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A80047
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A80011
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A80F8A
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A80FC0
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A80FD1
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A800D2
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 001B0FB6
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AC0FC3
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AC004E
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AC000C
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AC001D
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AA0FE5
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AA0FCA
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00AA0FB9
.text C:\WINDOWS\system32\svchost.exe[1940] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\wuauclt.exe[2820] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\system32\wuauclt.exe[2820] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FCA
.text C:\WINDOWS\system32\wuauclt.exe[2820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 026B000A
.text C:\WINDOWS\system32\wuauclt.exe[2820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 026C000A
.text C:\WINDOWS\system32\wuauclt.exe[2820] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 026A000C
.text C:\WINDOWS\system32\wuauclt.exe[2820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0FC3
.text C:\WINDOWS\system32\wuauclt.exe[2820] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D004E
.text C:\WINDOWS\system32\wuauclt.exe[2820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D0018
.text C:\WINDOWS\system32\wuauclt.exe[2820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D0033
.text C:\WINDOWS\system32\wuauclt.exe[2820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002E0FA8
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002E002F
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002E0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002E0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002E001E
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002E0F7C
Magsmom

Re: Redirected after Google search

Post by Magsmom » October 27th, 2010, 12:08 am

Part 2 of GMER.txt:
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [4E, 88]
.text C:\WINDOWS\system32\wuauclt.exe[2820] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002E0F8D
.text C:\WINDOWS\system32\wuauclt.exe[2832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\system32\wuauclt.exe[2832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FC0
.text C:\WINDOWS\system32\wuauclt.exe[2832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\wuauclt.exe[2832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\wuauclt.exe[2832] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\wuauclt.exe[2832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0F9A
.text C:\WINDOWS\system32\wuauclt.exe[2832] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0FAB
.text C:\WINDOWS\system32\wuauclt.exe[2832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D0000
.text C:\WINDOWS\system32\wuauclt.exe[2832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0FE3
.text C:\WINDOWS\system32\wuauclt.exe[2832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D001B
.text C:\WINDOWS\system32\wuauclt.exe[2832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0FD2
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002E0FB2
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002E004A
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002E0FC3
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002E0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002E0F97
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 002E0039
.text C:\WINDOWS\system32\wuauclt.exe[2832] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002E001E
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[3184] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[3184] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[3232] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02B70FEF
.text C:\Program Files\internet explorer\iexplore.exe[3232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02B70000
.text C:\Program Files\internet explorer\iexplore.exe[3232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B70FD4
.text C:\Program Files\internet explorer\iexplore.exe[3232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F8000A
.text C:\Program Files\internet explorer\iexplore.exe[3232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02B60000
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02B60084
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02B60F99
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02B60073
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02B60062
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02B60036
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02B60F3C
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02B60F4D
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02B600A6
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02B60F0D
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 02B60EF2
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02B60047
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02B60011
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02B60F6A
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02B60FCA
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02B60FDB
.text C:\Program Files\internet explorer\iexplore.exe[3232] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02B60095
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B5003D
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B50FAF
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B5002C
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B5001B
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 02B5006C
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 02B5000A
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 02B50FC0
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [D5, 8A] {AAD 0x8a}
.text C:\Program Files\internet explorer\iexplore.exe[3232] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 02B50FD1
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B40FB9
.text C:\Program Files\internet explorer\iexplore.exe[3232] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B40044
.text C:\Program Files\internet explorer\iexplore.exe[3232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B40029
.text C:\Program Files\internet explorer\iexplore.exe[3232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B4000C
.text C:\Program Files\internet explorer\iexplore.exe[3232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B40FD4
.text C:\Program Files\internet explorer\iexplore.exe[3232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B40FEF
.text C:\Program Files\internet explorer\iexplore.exe[3232] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02B30FEF
.text C:\Program Files\internet explorer\iexplore.exe[3232] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02B20FE5
.text C:\Program Files\internet explorer\iexplore.exe[3232] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02B20000
.text C:\Program Files\internet explorer\iexplore.exe[3232] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02B20011
.text C:\Program Files\internet explorer\iexplore.exe[3232] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02B20022
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D10011
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D00F66
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D00F77
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D0005B
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D00FA8
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D000AE
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D00091
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D000E1
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D000D0
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00D00F2D
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00D00080
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00D000BF
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0036
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF007D
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0FDB
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0011
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00CF0062
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00CF0FC0
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [EF, 88]
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00CF0051
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0049
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0FC8
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE002E
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0FD9
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE001D
.text C:\WINDOWS\system32\svchost.exe[3600] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[3600] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[3600] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[3600] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[3600] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[3692] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[3692] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CF0036
.text C:\WINDOWS\system32\svchost.exe[3692] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0089
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE0F94
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE0FA5
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE0062
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0FC0
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE0F77
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE00BF
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE00EB
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE00DA
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CE0F37
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CE0051
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CE00A4
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CE0036
.text C:\WINDOWS\system32\svchost.exe[3692] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CE0F5C
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD001B
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0F83
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00CD0F94
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00CD0FA5
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ED, 88]
.text C:\WINDOWS\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00CD002C
.text C:\WINDOWS\system32\svchost.exe[3692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC005F
.text C:\WINDOWS\system32\svchost.exe[3692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC004E
.text C:\WINDOWS\system32\svchost.exe[3692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[3692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[3692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0FDE
.text C:\WINDOWS\system32\svchost.exe[3692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC001D
.text C:\WINDOWS\system32\svchost.exe[3692] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[3692] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB0011
.text C:\WINDOWS\system32\svchost.exe[3692] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0022
.text C:\WINDOWS\system32\svchost.exe[3692] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0FDB
.text C:\WINDOWS\System32\svchost.exe[4532] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\System32\svchost.exe[4532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090036
.text C:\WINDOWS\System32\svchost.exe[4532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001E0FEF
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001E007F
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001E0064
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001E0047
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001E0F8A
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001E001B
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001E00AB
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001E0F63
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001E00E8
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001E00D7
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001E00F9
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001E0036
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001E0FD4
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001E0090
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001E0FAF
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001E000A
.text C:\WINDOWS\System32\svchost.exe[4532] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001E00C6
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0F8A
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0011
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002C0FA5
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002C0000
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 002C0051
.text C:\WINDOWS\System32\svchost.exe[4532] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002C0036
.text C:\WINDOWS\System32\svchost.exe[4532] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410F97
.text C:\WINDOWS\System32\svchost.exe[4532] msvcrt.dll!system 77C293C7 5 Bytes JMP 0041002C
.text C:\WINDOWS\System32\svchost.exe[4532] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00410FD7
.text C:\WINDOWS\System32\svchost.exe[4532] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00410000
.text C:\WINDOWS\System32\svchost.exe[4532] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410FB2
.text C:\WINDOWS\System32\svchost.exe[4532] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00410011
.text C:\WINDOWS\System32\svchost.exe[4532] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00890FEF
.text C:\WINDOWS\System32\svchost.exe[4532] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00890FDE
.text C:\WINDOWS\System32\svchost.exe[4532] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0089001E
.text C:\WINDOWS\System32\svchost.exe[4532] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00890FCD
.text C:\WINDOWS\System32\svchost.exe[4532] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001B0000
.text C:\Program Files\internet explorer\iexplore.exe[4544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 04420FEF
.text C:\Program Files\internet explorer\iexplore.exe[4544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04420FC3
.text C:\Program Files\internet explorer\iexplore.exe[4544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 04420FD4
.text C:\Program Files\internet explorer\iexplore.exe[4544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0196000A
.text C:\Program Files\internet explorer\iexplore.exe[4544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0194000C
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 04410000
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0441006C
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 04410F6D
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 04410F88
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 04410051
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 04410FC0
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 04410F35
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0441007D
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 04410F02
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 04410F13
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 044100B6
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 04410FAF
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 04410011
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 04410F5C
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0441002C
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 04410FDB
.text C:\Program Files\internet explorer\iexplore.exe[4544] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 04410F24
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04400FB9
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04400043
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04400000
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04400FD4
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 04400F86
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 04400FEF
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 04400F97
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [60, 8C]
.text C:\Program Files\internet explorer\iexplore.exe[4544] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 04400FA8
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 043F0058
.text C:\Program Files\internet explorer\iexplore.exe[4544] msvcrt.dll!system 77C293C7 5 Bytes JMP 043F0FC3
.text C:\Program Files\internet explorer\iexplore.exe[4544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 043F0029
.text C:\Program Files\internet explorer\iexplore.exe[4544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 043F000C
.text C:\Program Files\internet explorer\iexplore.exe[4544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 043F0FD4
.text C:\Program Files\internet explorer\iexplore.exe[4544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 043F0FEF
.text C:\Program Files\internet explorer\iexplore.exe[4544] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4544] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 043E0000
.text C:\Program Files\internet explorer\iexplore.exe[4544] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 043D0FEF
.text C:\Program Files\internet explorer\iexplore.exe[4544] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 043D000A
.text C:\Program Files\internet explorer\iexplore.exe[4544] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 043D0025
.text C:\Program Files\internet explorer\iexplore.exe[4544] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 043D0036
.text C:\WINDOWS\system32\dllhost.exe[4832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\dllhost.exe[4832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D40FDB
.text C:\WINDOWS\system32\dllhost.exe[4832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D40011
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D30076
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D30F81
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D30F9C
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D300AC
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D30091
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D300D8
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D30F3F
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00D300E9
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00D3005B
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00D30F66
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00D30040
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00D30025
.text C:\WINDOWS\system32\dllhost.exe[4832] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00D300C7
.text C:\WINDOWS\system32\dllhost.exe[4832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D10FA8
.text C:\WINDOWS\system32\dllhost.exe[4832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10033
.text C:\WINDOWS\system32\dllhost.exe[4832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\dllhost.exe[4832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D1000C
.text C:\WINDOWS\system32\dllhost.exe[4832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D10FC3
.text C:\WINDOWS\system32\dllhost.exe[4832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D20F9B
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D2001B
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00D20058
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00D20047
.text C:\WINDOWS\system32\dllhost.exe[4832] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00D20036
.text C:\WINDOWS\system32\dllhost.exe[4832] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CF0FE5
.text C:\WINDOWS\system32\dllhost.exe[4832] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\dllhost.exe[4832] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CF0011
.text C:\WINDOWS\system32\dllhost.exe[4832] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CF0022
.text C:\WINDOWS\system32\dllhost.exe[4832] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D00000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\iastor -> DriverStartIo \Device\Ide\iaStor0 86A42292
Device \Driver\iastor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 86A42292

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3160812AS_____________________________3.ADH___#4&3836d654&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Control\Session Manager@PendingFileRenameOperations
Magsmom
Active Member
 
Posts: 12
Joined: October 24th, 2010, 8:38 pm

Re: Redirected after Google search

Post by Cypher » October 27th, 2010, 4:51 am

Hi Magsmom.

  • Please visit This website using Internet Explorer.
  • Follow the instructions to Validate Windows, then run MGADiag.exe again and post the new log in your next reply.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after Google search

Post by Magsmom » October 27th, 2010, 9:47 am

I will follow your directions this evening; meanwhile, here is the rest of the info.txt file (I can post now that I am on my work computer):

======Security center information======

AV: McAfee Anti-Virus and Anti-Spyware
FW: McAfee Firewall

======System event log======

Computer Name: ANNEOFFICE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001676CB255B. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 31982
Source Name: Dhcp
Time Written: 20100803182549.000000-360
Event Type: warning
User:

Computer Name: ANNEOFFICE
Event Code: 263
Message: The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

Record Number: 31888
Source Name: PlugPlayManager
Time Written: 20100801080019.000000-360
Event Type: warning
User:

Computer Name: ANNEOFFICE
Event Code: 7031
Message: The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Record Number: 31873
Source Name: Service Control Manager
Time Written: 20100801072750.000000-360
Event Type: error
User:

Computer Name: ANNEOFFICE
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.1.101 on the
Network Card with network address 001676CB255B.

Record Number: 31810
Source Name: Dhcp
Time Written: 20100731073036.000000-360
Event Type: error
User:

Computer Name: ANNEOFFICE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001676CB255B. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 31809
Source Name: Dhcp
Time Written: 20100731073036.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: ANNEOFFICE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 7816
Source Name: crypt32
Time Written: 20101019214446.000000-360
Event Type: error
User:

Computer Name: ANNEOFFICE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 7815
Source Name: crypt32
Time Written: 20101019214446.000000-360
Event Type: error
User:

Computer Name: ANNEOFFICE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 7814
Source Name: crypt32
Time Written: 20101019214446.000000-360
Event Type: error
User:

Computer Name: ANNEOFFICE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 7813
Source Name: crypt32
Time Written: 20101019214446.000000-360
Event Type: error
User:

Computer Name: ANNEOFFICE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 7812
Source Name: crypt32
Time Written: 20101019214446.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: Redirected after Google search

Post by Cypher » October 27th, 2010, 1:21 pm

No problem, post the new MGADiag log when ready.

Re: Redirected after Google search

Post by Magsmom » October 27th, 2010, 7:57 pm

Completed Windows validate and here is the MGA diagnostics report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-RVF66-GP7VM-8CFT3
Windows Product Key Hash: tJB30tZY737ZFJYewUg2SpzsCb0=
Windows Product ID: 76487-OEM-2211906-00825
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.2.0.med
ID: {C466C318-961D-4496-B4A0-4E986802454F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 104 Unknown PID
Microsoft Office XP Professional - 100 Genuine
Microsoft Office Small Business Edition 2003 - 104 Unknown PID
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: http=127.0.0.1:50370
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C466C318-961D-4496-B4A0-4E986802454F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8CFT3</PKey><PID>76487-OEM-2211906-00825</PID><PIDType>2</PIDType><SID>S-1-5-21-2865655660-47645469-1755239202</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>1.0.2 </Version><SMBIOSVersion major="2" minor="3"/><Date>20060830000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>19FF35A701841D6A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DM061</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>104</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>70E79BF5DC2A7A4</Val><Hash>sPRxYjUhHB9f+kCeNbyhLYB691A=</Hash><Pid>54186-786-5189946-17587</Pid><PidType>1</PidType></Product><Product GUID="{91CA0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>104</LegitResult><Name>Microsoft Office Small Business Edition 2003</Name><Ver>11</Ver><PidType>0</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/><App Id="16" Version="11" Result="104"/><App Id="18" Version="11" Result="104"/><App Id="19" Version="11" Result="104"/><App Id="1A" Version="11" Result="104"/><App Id="1B" Version="11" Result="104"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1ABA6:Dell Inc|1ABA6:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

Re: Redirected after Google search

Post by Cypher » October 28th, 2010, 4:56 am

Hi Magsmom.
Thank you, please continue with the instructions below.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [-HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}]
    [-HKEY_CLASSES_ROOT\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"=-
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below.
    • Next click on the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Important!: Run this fix once and once only.
  • Double click TDSSKiller.exe then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • TDSSKiller log.
  • Please give me an update on your computers performance.

Re: Redirected after Google search

Post by Magsmom » October 28th, 2010, 6:57 pm

Update: Still getting redirects, slow performance and cannot open more than 1 IE session without lockup and getting McAfee Buffer Overflow messages

OTM Log:
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Anne Bremner
->Temp folder emptied: 150286 bytes
->Temporary Internet Files folder emptied: 792810 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 238653 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 8490 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37830045 bytes
->Java cache emptied: 103400 bytes
->Flash cache emptied: 65924 bytes

User: Tester
->Temp folder emptied: 332191 bytes
->Temporary Internet Files folder emptied: 5372324 bytes
->Java cache emptied: 25801297 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10897920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40721966 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 98959 bytes

Total Files Cleaned = 117.00 mb


OTM by OldTimer - Version 3.1.17.1 log created on 10282010_140045

Files moved on Reboot...
C:\Documents and Settings\Anne Bremner\Local Settings\Temp\dwm.exe moved successfully.

Registry entries deleted on Reboot...


RSIT Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Anne Bremner at 2010-10-28 14:14:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 131 GB (88%) free of 148 GB
Total RAM: 1022 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:27 PM, on 10/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\Windows\shell.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe
C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\dwm.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Anne Bremner\Desktop\RSIT.exe
C:\Program Files\trend micro\Anne Bremner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=2061007
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\dwm.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100919013422.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe
O4 - HKLM\..\Run: [kxtkd.exe] "C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\kxtkd.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14372 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100919013422.dll [2010-08-24 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-23 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2010-03-23 160056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2010-03-23 940856]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-07 169984]
"DLCICATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16 []
"dlcimon.exe"=C:\Program Files\Dell AIO Printer 946\dlcimon.exe [2006-02-14 430080]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-07-01 1193848]
"svchost"=C:\Documents and Settings\Anne Bremner\Application Data\Microsoft\svchost.exe [2010-10-26 115200]
"kxtkd.exe"=C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\kxtkd.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-11 68856]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Anne Bremner\Start Menu\Programs\Startup
Password Safe.lnk - C:\Program Files\Password Safe\pwsafe.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll [2010-10-28 72704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-10-28 13:26:31 ----D---- C:\Program Files\ERUNT
2010-10-28 13:11:25 ----A---- C:\WINDOWS\system32\drivers\zqety.sys
2010-10-28 13:11:16 ----D---- C:\Documents and Settings\Anne Bremner\Application Data\326328C8048547653F08FD82F20096C9
2010-10-28 13:10:53 ----AH---- C:\WINDOWS\system32\dcomhost.dll
2010-10-26 18:04:47 ----D---- C:\Microsoft
2010-10-26 18:03:39 ----D---- C:\rsit
2010-10-26 18:00:51 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-10-25 19:34:15 ----A---- C:\WINDOWS\msoffice.ini
2010-10-25 17:44:14 ----D---- C:\Program Files\zipit
2010-10-24 11:11:31 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 months======

2010-10-28 14:14:20 ----D---- C:\Program Files\Trend Micro
2010-10-28 14:14:07 ----D---- C:\WINDOWS\Temp
2010-10-28 14:12:04 ----D---- C:\Program Files\Password Safe
2010-10-28 14:11:47 ----D---- C:\WINDOWS
2010-10-28 14:11:37 ----D---- C:\Program Files\Dl_cats
2010-10-28 14:10:07 ----D---- C:\WINDOWS\Registration
2010-10-28 14:09:52 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-10-28 14:00:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-28 13:49:21 ----D---- C:\WINDOWS\ERDNT
2010-10-28 13:43:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-28 13:26:31 ----D---- C:\Program Files
2010-10-28 13:23:32 ----D---- C:\WINDOWS\Prefetch
2010-10-28 13:11:36 ----D---- C:\WINDOWS\system32\dllcache
2010-10-28 13:11:25 ----D---- C:\WINDOWS\system32\drivers
2010-10-28 13:10:53 ----D---- C:\WINDOWS\system32
2010-10-27 17:52:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-26 21:56:39 ----D---- C:\Temp
2010-10-26 18:33:26 ----SD---- C:\Documents and Settings\Anne Bremner\Application Data\Microsoft
2010-10-26 18:28:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-26 18:05:06 ----SHD---- C:\WINDOWS\Installer
2010-10-26 18:05:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-10-26 18:04:57 ----D---- C:\Program Files\Windows NT
2010-10-26 18:04:47 ----D---- C:\Program Files\Internet Explorer
2010-10-25 20:08:39 ----D---- C:\Program Files\Common Files
2010-10-25 19:34:51 ----A---- C:\WINDOWS\win.ini
2010-10-25 19:34:50 ----D---- C:\Program Files\Common Files\AOL
2010-10-25 19:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2010-10-25 18:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-10-25 17:43:04 ----HD---- C:\WINDOWS\inf
2010-10-25 17:39:56 ----D---- C:\Program Files\malware
2010-10-13 18:38:42 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-05 18:56:39 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 iastor;Intel RAID Controller; C:\WINDOWS\system32\drivers\iastor.sys [2006-07-06 246784]
R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-08-24 386712]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-08-24 84072]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-10-07 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-08-24 55840]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-08-24 95600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-08-24 152992]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-08-24 52104]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-08-24 312904]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-08-24 88544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ANNEBR~1\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-08-24 88544]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-08-24 84264]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-08-24 171168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 dlci_device;dlci_device; C:\WINDOWS\system32\dlcicoms.exe [2006-05-11 491520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


TDSS log:

2010/10/28 15:59:27.0187 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 15:59:27.0187 ================================================================================
2010/10/28 15:59:27.0187 SystemInfo:
2010/10/28 15:59:27.0187
2010/10/28 15:59:27.0187 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/28 15:59:27.0187 Product type: Workstation
2010/10/28 15:59:27.0187 ComputerName: ANNEOFFICE
2010/10/28 15:59:27.0187 UserName: Anne Bremner
2010/10/28 15:59:27.0187 Windows directory: C:\WINDOWS
2010/10/28 15:59:27.0187 System windows directory: C:\WINDOWS
2010/10/28 15:59:27.0187 Processor architecture: Intel x86
2010/10/28 15:59:27.0187 Number of processors: 2
2010/10/28 15:59:27.0187 Page size: 0x1000
2010/10/28 15:59:27.0187 Boot type: Normal boot
2010/10/28 15:59:27.0187 ================================================================================
2010/10/28 15:59:27.0500 Initialize success
2010/10/28 15:59:30.0468 ================================================================================
2010/10/28 15:59:30.0468 Scan started
2010/10/28 15:59:30.0468 Mode: Manual;
2010/10/28 15:59:30.0468 ================================================================================
2010/10/28 15:59:31.0718 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/28 15:59:36.0437 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/28 15:59:37.0156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/28 15:59:37.0359 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/28 15:59:37.0687 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/10/28 15:59:38.0265 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2010/10/28 15:59:38.0375 Afc - detected Unsigned file (1)
2010/10/28 15:59:38.0421 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/10/28 15:59:38.0671 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/28 15:59:38.0875 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/28 15:59:39.0078 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/28 15:59:39.0343 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/28 15:59:39.0671 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/28 15:59:39.0968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/28 15:59:40.0328 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/28 15:59:40.0562 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/28 15:59:40.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/28 15:59:41.0062 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/28 15:59:41.0296 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/28 15:59:41.0578 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/28 15:59:41.0796 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/28 15:59:42.0156 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/10/28 15:59:42.0234 ASCTRM - detected Unsigned file (1)
2010/10/28 15:59:42.0328 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/28 15:59:42.0562 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/28 15:59:42.0875 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/28 15:59:43.0125 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/28 15:59:43.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/28 15:59:43.0843 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/28 15:59:44.0015 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/28 15:59:44.0187 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/28 15:59:44.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/28 15:59:44.0593 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/28 15:59:44.0765 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/28 15:59:44.0968 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
2010/10/28 15:59:45.0187 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/28 15:59:45.0406 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/28 15:59:45.0640 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/28 15:59:45.0906 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/28 15:59:46.0250 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/28 15:59:46.0484 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/10/28 15:59:46.0500 DLABOIOM - detected Unsigned file (1)
2010/10/28 15:59:46.0562 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/10/28 15:59:46.0578 DLACDBHM - detected Unsigned file (1)
2010/10/28 15:59:46.0609 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/10/28 15:59:46.0687 DLADResN - detected Unsigned file (1)
2010/10/28 15:59:46.0718 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/10/28 15:59:46.0765 DLAIFS_M - detected Unsigned file (1)
2010/10/28 15:59:46.0781 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/10/28 15:59:46.0890 DLAOPIOM - detected Unsigned file (1)
2010/10/28 15:59:46.0906 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/10/28 15:59:47.0000 DLAPoolM - detected Unsigned file (1)
2010/10/28 15:59:47.0093 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/10/28 15:59:47.0156 DLARTL_N - detected Unsigned file (1)
2010/10/28 15:59:47.0187 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/10/28 15:59:47.0218 DLAUDFAM - detected Unsigned file (1)
2010/10/28 15:59:47.0234 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/10/28 15:59:47.0296 DLAUDF_M - detected Unsigned file (1)
2010/10/28 15:59:47.0453 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/28 15:59:47.0703 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/28 15:59:47.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/28 15:59:48.0078 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/28 15:59:48.0296 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/28 15:59:48.0500 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/28 15:59:48.0718 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/10/28 15:59:48.0828 DRVMCDB - detected Unsigned file (1)
2010/10/28 15:59:48.0875 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/10/28 15:59:48.0968 DRVNDDM - detected Unsigned file (1)
2010/10/28 15:59:49.0093 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/10/28 15:59:49.0109 DSproct - detected Unsigned file (1)
2010/10/28 15:59:49.0250 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/10/28 15:59:49.0406 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/28 15:59:49.0781 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/10/28 15:59:50.0328 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/28 15:59:50.0484 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/28 15:59:50.0656 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/28 15:59:50.0796 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/28 15:59:51.0015 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/28 15:59:51.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/28 15:59:51.0875 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/28 15:59:52.0078 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/28 15:59:52.0328 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/28 15:59:52.0546 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/28 15:59:52.0812 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/28 15:59:53.0031 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/28 15:59:53.0296 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/10/28 15:59:53.0578 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/28 15:59:53.0828 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/28 15:59:53.0984 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/28 15:59:54.0218 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/28 15:59:54.0437 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/28 15:59:54.0625 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iastor.sys
2010/10/28 15:59:54.0828 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/28 15:59:55.0000 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/28 15:59:55.0296 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/28 15:59:55.0546 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/28 15:59:55.0734 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/28 15:59:55.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/28 15:59:56.0156 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/28 15:59:56.0406 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/28 15:59:56.0812 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/28 15:59:57.0000 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/28 15:59:57.0187 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/28 15:59:57.0359 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/28 15:59:57.0625 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/28 15:59:57.0875 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/28 15:59:58.0312 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/28 15:59:58.0609 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/10/28 15:59:58.0828 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/28 15:59:59.0031 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/10/28 15:59:59.0140 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/10/28 15:59:59.0375 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/10/28 15:59:59.0546 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/10/28 15:59:59.0765 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/10/28 15:59:59.0953 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/28 16:00:00.0046 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/28 16:00:00.0109 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/10/28 16:00:00.0265 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/10/28 16:00:00.0531 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/10/28 16:00:00.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/28 16:00:01.0109 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/28 16:00:01.0312 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/28 16:00:01.0578 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/28 16:00:01.0781 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/28 16:00:01.0937 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/28 16:00:02.0125 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/28 16:00:02.0437 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/28 16:00:02.0890 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/28 16:00:03.0296 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/28 16:00:03.0500 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/28 16:00:03.0703 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/28 16:00:03.0859 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/28 16:00:04.0046 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/28 16:00:04.0234 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/28 16:00:04.0437 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
2010/10/28 16:00:04.0531 NAL - detected Unsigned file (1)
2010/10/28 16:00:04.0562 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/28 16:00:04.0718 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/28 16:00:04.0890 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/28 16:00:05.0453 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/28 16:00:05.0625 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/28 16:00:05.0843 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/28 16:00:06.0031 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/28 16:00:06.0281 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/28 16:00:06.0468 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/28 16:00:06.0687 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/28 16:00:07.0187 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/28 16:00:07.0515 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/28 16:00:07.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/28 16:00:08.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/28 16:00:08.0359 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/28 16:00:08.0562 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/28 16:00:08.0718 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/28 16:00:08.0875 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/28 16:00:09.0062 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/28 16:00:09.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/28 16:00:09.0468 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/28 16:00:09.0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/28 16:00:10.0140 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/28 16:00:10.0375 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2010/10/28 16:00:10.0421 pfc - detected Unsigned file (1)
2010/10/28 16:00:10.0500 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2010/10/28 16:00:10.0703 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/28 16:00:10.0875 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/28 16:00:11.0109 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/28 16:00:11.0312 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
2010/10/28 16:00:11.0484 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/28 16:00:11.0500 PxHelp20 - detected Unsigned file (1)
2010/10/28 16:00:11.0593 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/28 16:00:11.0796 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/28 16:00:11.0968 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/28 16:00:12.0265 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/28 16:00:12.0484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/28 16:00:12.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/28 16:00:12.0906 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/28 16:00:13.0156 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/28 16:00:13.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/28 16:00:13.0593 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/28 16:00:14.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/28 16:00:14.0171 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/28 16:00:14.0421 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/28 16:00:14.0906 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/28 16:00:15.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/28 16:00:15.0562 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/28 16:00:15.0734 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/28 16:00:15.0921 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/28 16:00:16.0218 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/28 16:00:16.0437 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/28 16:00:16.0640 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/28 16:00:17.0078 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/28 16:00:17.0234 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/28 16:00:17.0562 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/28 16:00:17.0796 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/28 16:00:18.0031 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/28 16:00:18.0265 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/28 16:00:18.0578 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/28 16:00:18.0859 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/28 16:00:19.0015 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/28 16:00:19.0343 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/28 16:00:19.0578 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/28 16:00:19.0734 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/28 16:00:19.0875 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/28 16:00:20.0062 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/28 16:00:20.0312 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/28 16:00:20.0484 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/28 16:00:20.0687 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/28 16:00:20.0984 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/28 16:00:21.0484 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/28 16:00:21.0843 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/28 16:00:22.0046 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/28 16:00:22.0578 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/28 16:00:22.0812 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/28 16:00:23.0046 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/28 16:00:23.0265 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/28 16:00:23.0531 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/28 16:00:23.0734 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/10/28 16:00:23.0953 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/28 16:00:24.0140 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/28 16:00:24.0421 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/28 16:00:24.0625 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/28 16:00:24.0875 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/28 16:00:25.0312 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/28 16:00:25.0437 Suspicious service (NoAccess): zqety
2010/10/28 16:00:25.0484 zqety (95ae54580f10a63ff3ac8f9fd4e3c7b3) C:\WINDOWS\system32\drivers\zqety.sys
2010/10/28 16:00:25.0484 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\zqety.sys. md5: 95ae54580f10a63ff3ac8f9fd4e3c7b3
2010/10/28 16:00:25.0484 zqety - detected Locked service (1)
2010/10/28 16:00:25.0500 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/28 16:00:25.0500 ================================================================================
2010/10/28 16:00:25.0500 Scan finished
2010/10/28 16:00:25.0500 ================================================================================
2010/10/28 16:00:25.0609 Detected object count: 19
2010/10/28 16:06:01.0312 Unsigned file(Afc) - User select action: Skip
2010/10/28 16:06:01.0312 Unsigned file(ASCTRM) - User select action: Skip
2010/10/28 16:06:01.0312 Unsigned file(DLABOIOM) - User select action: Skip
2010/10/28 16:06:01.0312 Unsigned file(DLACDBHM) - User select action: Skip
2010/10/28 16:06:01.0312 Unsigned file(DLADResN) - User select action: Skip
2010/10/28 16:06:01.0312 Unsigned file(DLAIFS_M) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DLAOPIOM) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DLAPoolM) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DLARTL_N) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DLAUDFAM) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DLAUDF_M) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DRVMCDB) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DRVNDDM) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(DSproct) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(NAL) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(pfc) - User select action: Skip
2010/10/28 16:06:01.0328 Unsigned file(PxHelp20) - User select action: Skip
2010/10/28 16:06:01.0343 Locked service(zqety) - User select action: Skip
2010/10/28 16:06:01.0359 \HardDisk0\MBR - will be cured after reboot
2010/10/28 16:06:01.0359 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/28 16:06:27.0062 Deinitialize success
Magsmom
Active Member
 
Posts: 12
Joined: October 24th, 2010, 8:38 pm

Re: Redirected after Google search

Unread postby Magsmom » October 29th, 2010, 12:07 am

Update: I ran Malwarebytes and McAfee scans and removed a few more trojans. I don't seem to be getting redirects, can log in to email and the system seems to be running better, if still slowish.