Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HELP: Internet explorer automatically sets homepage

Re: HELP: Internet explorer automatically sets homepage

by mingxu16 » May 8th, 2010, 6:23 pm

Thanks a lot.
GMER log coming soon.


OTL.txt:
OTL logfile created on: 5/8/2010 PM 03:13:53 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\mxu34\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.88 Gb Total Space | 38.99 Gb Free Space | 26.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MG4415JCRIT3LP5
Current User Name: mxu34
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mxu34\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\mxu34\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WebDriveService) -- C:\Program Files\WebDrive\wdService.exe (South River Technologies, LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (WebDriveFSD) -- C:\Program Files\WebDrive\wdfsd.sys ()
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (OA001Ufd) -- C:\WINDOWS\system32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Afx) -- C:\WINDOWS\system32\drivers\OA001Afx.sys (Creative Technology Ltd.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Alidevice) -- C:\WINDOWS\system32\drivers\alidevice.sys (alipay.com)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://7999.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 14:48:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 14:49:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/29 14:48:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/29 14:49:29 | 000,000,000 | ---D | M]

[2009/08/22 13:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mxu34\Application Data\Mozilla\Extensions
[2010/04/13 19:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mxu34\Application Data\Mozilla\Firefox\Profiles\02m5a8a4.default\extensions
[2009/09/03 15:20:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mxu34\Application Data\Mozilla\Firefox\Profiles\02m5a8a4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/30 16:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mxu34\Application Data\Mozilla\Firefox\Profiles\02m5a8a4.default\extensions\cctvplayer-plugin@www.cctv.com
[2010/03/30 11:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/07/02 11:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 11:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2010/02/21 03:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/04/26 15:46:33 | 000,000,095 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 matlablic.cad.gatech.edu
O1 - Hosts: 127.0.0.1 license.ecs.gatech.edu
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228..\Run: [PPLiveVA] File not found
O4 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-2111687655-1060284298-485228\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchina.com/download/CMBEdit.cab (Edit Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://img.alipay.com/download/2121/aliedit.cab (EditCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll (CCTVUpdateInstall)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.219.17.5 129.219.13.81 129.219.17.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coe.gt.buzz
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2010/05/08 15:09:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mxu34\Desktop\OTL.exe
[2010/04/29 14:50:37 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/29 14:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/29 14:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/29 14:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/29 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/29 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/29 14:47:19 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/29 14:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 06:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\.cytoscape
[2010/04/28 06:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Cytoscape_v2.7.0
[2010/04/26 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Desktop\music
[2010/04/26 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\easyMule
[2010/04/26 15:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\SSH
[2010/04/23 17:29:05 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSHFLXGD.OCX
[2010/04/23 17:29:05 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2010/04/22 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\PPStream
[2010/04/19 17:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\PPStream
[2010/04/14 08:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\MathWorks
[2010/04/14 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\My Documents\MATLAB
[2010/04/13 18:14:40 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/04/13 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\BitComet
[2010/04/10 18:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2010/04/10 18:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/04/08 10:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 10:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/04/01 14:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Desktop\fterm
[2010/03/30 11:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 11:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 11:05:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 11:05:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 11:05:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/26 19:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\My Documents\WebDrive
[2010/03/26 19:43:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2010/03/26 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\WebDrive
[2010/03/26 19:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Desktop\baby
[2010/03/17 18:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 18:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/14 10:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Desktop\Baby care
[2010/03/09 12:46:42 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 19:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Local Settings\Application Data\Help
[2010/03/08 19:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\Help
[2010/03/08 19:35:58 | 000,000,000 | ---D | C] -- C:\BEES40e
[2010/02/24 04:12:28 | 001,310,720 | ---- | C] (South River Technologies) -- C:\WINDOWS\System32\wdCryptoUtils.dll
[2010/02/24 04:12:24 | 002,383,872 | ---- | C] (South River Technologies) -- C:\WINDOWS\System32\wdResDll.dll
[2010/02/24 04:11:16 | 001,314,816 | ---- | C] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdShellExt.dll
[2010/02/24 04:11:16 | 000,466,944 | ---- | C] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdnp32.dll
[2010/02/24 04:11:08 | 001,720,320 | ---- | C] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdHelper.dll
[2010/02/24 04:11:06 | 000,241,664 | ---- | C] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdUIResDll.dll
[2010/02/23 20:01:34 | 001,389,960 | ---- | C] (http://mediainfo.sourceforge.net) -- C:\WINDOWS\System32\PPSMInfo.dll
[2010/02/11 21:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/11 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/11 21:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/02/11 18:51:30 | 000,069,632 | ---- | C] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdIconDll.dll
[2010/02/09 18:24:00 | 001,277,496 | ---- | C] (Wei Dai) -- C:\WINDOWS\System32\cryptopp.dll
[2010/01/21 18:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Local Settings\Application Data\PCHealth
[2010/01/19 10:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/19 10:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\Office Genuine Advantage
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/01/19 07:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/01/13 07:01:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/01/13 04:56:22 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 20:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\FlashgetSetup
[2010/01/12 20:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\TTPlayer
[2010/01/12 18:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Storm
[2010/01/12 18:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\StormII
[2010/01/11 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork
[2010/01/04 07:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\Apple Computer
[2009/12/29 20:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Desktop\照片
[2009/12/29 20:55:23 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/12/29 20:55:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/12/29 20:55:22 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/12/27 12:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\Big Fish Games
[2009/12/25 06:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/25 06:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/25 06:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Local Settings\Application Data\Apple
[2009/12/25 06:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/25 06:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Local Settings\Application Data\Apple Computer
[2009/12/24 07:16:36 | 000,000,000 | ---D | C] -- C:\FavoriteVideo
[2009/12/24 07:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\PPLiveVA
[2009/12/24 07:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Local Settings\Application Data\VirtualStore
[2009/12/24 07:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2009/12/24 07:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Application Data\PPLive
[2009/12/24 07:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\PPLive
[2009/12/23 23:59:40 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/23 20:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\AliWangWang
[2009/12/23 20:51:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\aliedit
[2009/12/16 11:43:27 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 00:08:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/12 07:29:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/12/11 07:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/11 07:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Comcast
[2009/12/11 07:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mxu34\Local Settings\Application Data\SupportSoft
[2009/12/11 07:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/12/11 07:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2009/12/07 19:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/11/27 09:07:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 09:07:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/22 07:28:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\mxu34\My Documents\My Shapes
[2009/11/11 18:57:00 | 000,434,176 | ---- | C] (斗蟹网下载站-您选择的下载站) -- C:\WINDOWS\System32\DouxieNews.exe

========== Files - Modified Within 180 Days ==========

[2010/05/08 15:11:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\mxu34\Desktop\bo0j5cun.exe
[2010/05/08 15:09:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mxu34\Desktop\OTL.exe
[2010/05/08 15:05:47 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\mxu34\NTUSER.DAT
[2010/05/08 15:02:41 | 000,002,405 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2010/05/08 15:02:40 | 000,003,111 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2010/05/08 15:01:59 | 000,000,140 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2010/05/08 15:01:17 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2010/05/08 14:44:23 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\mxu34\Desktop\CKScanner.exe
[2010/05/08 14:36:24 | 000,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/08 14:36:24 | 000,466,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/08 14:36:24 | 000,079,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/08 14:34:56 | 000,000,096 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2010/05/08 14:33:34 | 000,189,747 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/08 14:33:34 | 000,183,075 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/08 14:32:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/08 14:32:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/08 14:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/08 14:32:00 | 3745,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 14:31:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\mxu34\ntuser.ini
[2010/05/07 11:45:55 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\stid$.inf
[2010/05/06 13:59:54 | 1073,741,824 | ---- | M] () -- C:\ppsds.pgf
[2010/05/01 10:17:18 | 000,000,029 | ---- | M] () -- C:\WINDOWS\msgtn.ini
[2010/04/30 12:25:43 | 000,183,075 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/29 16:04:18 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 16:04:18 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/29 16:04:18 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/26 15:46:33 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/26 15:45:07 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\mxu34\Local Settings\Application Data\PUTTY.RND
[2010/04/26 02:09:18 | 000,331,776 | ---- | M] () -- C:\WINDOWS\System32\pptv.scr
[2010/04/16 05:33:36 | 003,003,680 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/13 18:34:49 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\mxu34\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 15:50:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 15:47:56 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/04/08 10:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 10:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/03/17 19:36:36 | 000,051,990 | ---- | M] () -- C:\Documents and Settings\mxu34\Desktop\Resume Jing.docx
[2010/03/17 18:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 18:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/09 23:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/09 23:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/03/09 04:28:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/09 04:28:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/09 04:28:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/09 04:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/09 02:16:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/26 15:31:55 | 000,000,421 | ---- | M] () -- C:\Documents and Settings\mxu34\Desktop\Shortcut to GT.lnk
[2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/24 23:24:37 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/02/24 23:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/02/24 23:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/02/24 23:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/02/24 23:24:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/02/24 23:24:36 | 005,944,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/02/24 23:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/24 23:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/02/24 23:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/02/24 23:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/02/24 23:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/24 23:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/02/24 23:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/02/24 23:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/02/24 23:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/24 23:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/02/24 23:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/02/24 23:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/02/24 23:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/24 04:12:28 | 001,310,720 | ---- | M] (South River Technologies) -- C:\WINDOWS\System32\wdCryptoUtils.dll
[2010/02/24 04:12:24 | 002,383,872 | ---- | M] (South River Technologies) -- C:\WINDOWS\System32\wdResDll.dll
[2010/02/24 04:11:16 | 001,314,816 | ---- | M] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdShellExt.dll
[2010/02/24 04:11:16 | 000,466,944 | ---- | M] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdnp32.dll
[2010/02/24 04:11:08 | 001,720,320 | ---- | M] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdHelper.dll
[2010/02/24 04:11:06 | 000,241,664 | ---- | M] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdUIResDll.dll
[2010/02/24 02:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/02/24 02:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/02/23 20:01:34 | 001,389,960 | ---- | M] (http://mediainfo.sourceforge.net) -- C:\WINDOWS\System32\PPSMInfo.dll
[2010/02/17 06:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/16 07:08:49 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/02/16 07:08:49 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/16 06:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/16 06:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/16 06:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/02/11 21:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/11 21:13:11 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/11 20:11:51 | 000,000,510 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/02/11 18:51:30 | 000,069,632 | ---- | M] (South River Technologies, LLC) -- C:\WINDOWS\System32\wdIconDll.dll
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/02/09 18:24:00 | 001,277,496 | ---- | M] (Wei Dai) -- C:\WINDOWS\System32\cryptopp.dll
[2010/01/29 07:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010/01/29 07:43:39 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/01/13 16:45:03 | 001,272,662 | ---- | M] () -- C:\Documents and Settings\mxu34\Desktop\EN_Web_TEW-432BRP(D1)[1].pdf
[2010/01/13 07:01:25 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/24 07:16:09 | 1073,741,824 | -H-- | M] () -- C:\pfsvoddata.bbv
[2009/12/24 07:02:32 | 000,000,113 | ---- | M] () -- C:\WINDOWS\PPSMediaList.ini
[2009/12/23 23:59:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/16 11:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/16 11:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 00:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 00:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/08 22:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/08 22:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/08 02:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/11/27 10:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/11/27 10:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/27 10:11:44 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 09:07:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 09:07:35 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/27 09:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 09:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 09:07:34 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 09:07:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/21 08:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 08:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/11 18:57:00 | 000,434,176 | ---- | M] (斗蟹网下载站-您选择的下载站) -- C:\WINDOWS\System32\DouxieNews.exe

========== Files Created - No Company Name ==========

[2010/05/08 15:11:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\mxu34\Desktop\bo0j5cun.exe
[2010/05/08 14:44:21 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\mxu34\Desktop\CKScanner.exe
[2010/05/07 11:45:55 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\stid$.inf
[2010/04/26 15:38:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mxu34\Local Settings\Application Data\PUTTY.RND
[2010/04/26 02:09:18 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\pptv.scr
[2010/04/22 15:53:31 | 1073,741,824 | ---- | C] () -- C:\ppsds.pgf
[2010/04/04 18:53:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2010/03/17 18:52:00 | 000,051,990 | ---- | C] () -- C:\Documents and Settings\mxu34\Desktop\Resume Jing.docx
[2010/02/26 15:31:55 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\mxu34\Desktop\Shortcut to GT.lnk
[2010/01/13 16:45:03 | 001,272,662 | ---- | C] () -- C:\Documents and Settings\mxu34\Desktop\EN_Web_TEW-432BRP(D1)[1].pdf
[2009/12/24 07:16:09 | 1073,741,824 | -H-- | C] () -- C:\pfsvoddata.bbv
[2009/12/24 07:03:17 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2009/09/19 09:48:48 | 000,000,096 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2009/09/19 09:41:20 | 000,000,140 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2009/09/19 09:41:20 | 000,000,113 | ---- | C] () -- C:\WINDOWS\PPSMediaList.ini
[2009/09/19 09:14:03 | 000,003,111 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2009/09/19 09:14:03 | 000,002,405 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009/08/17 08:42:06 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/13 09:07:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/08/13 09:05:24 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/28 14:35:46 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/28 14:35:46 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/28 14:35:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/28 14:35:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/28 14:34:41 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/06/28 12:27:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/28 12:21:25 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/28 12:20:38 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/06/28 12:05:15 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/06/28 12:02:51 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/08/15 06:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/25 14:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/14 12:54:36 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\CMBEdit.dll
[2007/04/19 03:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 03:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/06/30 10:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 10:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005/02/17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >



Extras.txt:
OTL Extras logfile created on: 5/8/2010 PM 03:13:53 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\mxu34\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.88 Gb Total Space | 38.99 Gb Free Space | 26.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MG4415JCRIT3LP5
Current User Name: mxu34
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"13204:TCP" = 13204:TCP:*:Enabled:BitComet 13204 TCP
"13204:UDP" = 13204:UDP:*:Enabled:BitComet 13204 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\mxu34\My Documents\Downloads\ppstreamsetup.exe" = C:\Documents and Settings\mxu34\My Documents\Downloads\ppstreamsetup.exe:*:Enabled:PPStream Installer -- (PPStream Inc.)
"C:\Documents and Settings\mxu34\My Documents\Downloads\ppstreamsetup(2).exe" = C:\Documents and Settings\mxu34\My Documents\Downloads\ppstreamsetup(2).exe:*:Enabled:PPStream Installer -- (PPStream Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\cctvbox\tv\CCTVPlayer.exe" = C:\Program Files\cctvbox\tv\CCTVPlayer.exe:*:Enabled:CCTVPlayer Microsoft ??????? -- File not found
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe" = C:\Program Files\Intel\WiFi\bin\EvtEng.exe:*:Enabled:EvtEng -- (Intel(R) Corporation)
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe:*:Enabled:RegSrvc -- (Intel(R) Corporation)
"C:\Program Files\Intel\ASF Agent\ASFAgent.exe" = C:\Program Files\Intel\ASF Agent\ASFAgent.exe:*:Enabled:ASFAgent -- (Intel Corporation)
"C:\Program Files\AliWangWang\AliIM.exe" = C:\Program Files\AliWangWang\AliIM.exe:*:Enabled:AliIM -- File not found
"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found
"C:\Program Files\PPLive\PPLiveU.exe" = C:\Program Files\PPLive\PPLiveU.exe:*:Enabled:PPLiveU -- ( )
"C:\Program Files\PPLiveVA\PPLiveVA.exe" = C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- File not found
"C:\Program Files\PPLiveVA\FlvPick.exe" = C:\Program Files\PPLiveVA\FlvPick.exe:*:Enabled:FlvPick -- File not found
"C:\Program Files\PPLiveVA\CrashUpload.exe" = C:\Program Files\PPLiveVA\CrashUpload.exe:*:Enabled:CrashUpload -- File not found
"C:\Program Files\PPLiveVA\Download.exe" = C:\Program Files\PPLiveVA\Download.exe:*:Enabled:Download -- File not found
"C:\Program Files\PPLiveVA\DownloadProgress.exe" = C:\Program Files\PPLiveVA\DownloadProgress.exe:*:Enabled:DownloadProgress -- File not found
"C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe" = C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe:*:Enabled:PPAP -- File not found
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Program Files\StormII\Storm.exe" = C:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音 -- (北京暴风网际科技有限公司)
"C:\Program Files\StormII\StormUpdate.dll" = C:\Program Files\StormII\StormUpdate.dll:*:Enabled:暴风影音媒体控制中心 -- ()
"C:\Program Files\StormII\box\Stline.exe" = C:\Program Files\StormII\box\Stline.exe:*:Enabled:暴风盒子 -- (北京暴风网际科技有限公司)
"C:\Program Files\StormII\Stormtray.exe" = C:\Program Files\StormII\Stormtray.exe:*:Enabled:暴风网络中心 -- (北京暴风网际科技有限公司)
"C:\Program Files\StormII\stormpop.exe" = C:\Program Files\StormII\stormpop.exe:*:Enabled:暴风资讯 -- ()
"C:\DOCUME~1\mxu34\LOCALS~1\Temp\Plg1F7.tmp" = C:\DOCUME~1\mxu34\LOCALS~1\Temp\Plg1F7.tmp:*:Enabled:fg_ol_silent -- File not found
"C:\Documents and Settings\mxu34\Local Settings\temp\Plg1F5.tmp" = C:\Documents and Settings\mxu34\Local Settings\temp\Plg1F5.tmp:*:Enabled:360安全中心 -- File not found
"C:\Program Files\cctvbox\cctvbox\tv\CCTVPlayer.exe" = C:\Program Files\cctvbox\cctvbox\tv\CCTVPlayer.exe:*:Enabled:CCTVPlayer Microsoft 基础类应用程序 -- ()
"C:\Program Files\WebDrive\webdrive.exe" = C:\Program Files\WebDrive\webdrive.exe:*:Enabled:WebDrive Application -- (South River Technologies, LLC)
"C:\Program Files\WebDrive\wdService.exe" = C:\Program Files\WebDrive\wdService.exe:*:Enabled:WebDrive Service -- (South River Technologies, LLC)
"C:\Program Files\easyMule\emule.exe" = C:\Program Files\easyMule\emule.exe:*:Enabled:easyMule -- File not found
"C:\Program Files\PPLive\PPVA\PPLiveVA.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- (Synacast)
"C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA -- (Synacast)
"C:\Program Files\PPLive\PPVA\FlvPick.exe" = C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick -- ()
"C:\Program Files\PPLive\PPVA\crashreporter.exe" = C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload -- (Synacast)
"C:\Program Files\PPLive\PPVA\PPVADownload.exe" = C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download -- (Synacast)
"C:\Program Files\PPLive\PPVA\DownloadProgress.exe" = C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress -- (Synacast)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)
"C:\Program Files\MATLAB\R2009b\bin\win32\MATLAB.exe" = C:\Program Files\MATLAB\R2009b\bin\win32\MATLAB.exe:*:Enabled:MATLAB -- (The MathWorks Inc.)
"C:\Program Files\Cytoscape_v2.7.0\Cytoscape.exe" = C:\Program Files\Cytoscape_v2.7.0\Cytoscape.exe:*:Enabled:Cytoscape -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C9F023D-5155-4118-A9BB-2A9391E2C293}" = VanDyke Software SecureCRT 6.2
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel(R) PROSet/Wireless WiFi API
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CDFBC557-9C31-402F-8E13-241839F1C2B3}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{A6F01E0A-694A-44C1-A322-0E4ED0327F8F}" =
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel(R) PROSet/Wireless WiFi Driver
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCED6C58-572F-4062-A037-2F610F3A54E5}" = X-Win32 9.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"5211-3645-3154-2580" = Cytoscape 2.7.0
"7-Zip" = 7-Zip 4.62
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"BEES40e" = BEES40e
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GSview 4.7" = GSview 4.7
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"MatlabR2009b" = MATLAB R2009b
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PPLive" = PPTV V2.4.3.0019
"PPStream" = PPS影音 V2.6.86.9024 正式版
"ProInst" = Intel PROSet Wireless
"PuTTY_is1" = PuTTY version 0.60
"QuicktimeAlt_is1" = QuickTime Alternative 2.4.0
"RealAlt_is1" = Real Alternative 1.7.5
"storm2" = 暴风影音
"TTPlayer" = 千千静听 5.6Beta3
"VISPRO" = Microsoft Office Visio Professional 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1177238915-2111687655-1060284298-485228\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCTVBox" = CCTVBox Uninstall
"PPLiveVA" = PPLive Video Accelerator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2010 PM 07:19:55 | Computer Name = MG4415JCRIT3LP5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/8/2010 AM 12:38:03 | Computer Name = MG4415JCRIT3LP5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/8/2010 AM 12:38:04 | Computer Name = MG4415JCRIT3LP5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/8/2010 AM 12:38:05 | Computer Name = MG4415JCRIT3LP5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/8/2010 PM 03:17:34 | Computer Name = MG4415JCRIT3LP5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/8/2010 PM 03:17:35 | Computer Name = MG4415JCRIT3LP5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/8/2010 PM 03:17:44 | Computer Name = MG4415JCRIT3LP5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/8/2010 PM 05:32:15 | Computer Name = MG4415JCRIT3LP5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/8/2010 PM 05:32:16 | Computer Name = MG4415JCRIT3LP5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/8/2010 PM 05:32:24 | Computer Name = MG4415JCRIT3LP5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ OSession Events ]
Error - 5/4/2010 PM 07:35:02 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2010 PM 07:35:09 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2010 AM 11:53:02 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2010 AM 11:59:14 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2010 PM 12:21:31 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2010 PM 12:50:29 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/6/2010 PM 01:26:09 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/6/2010 PM 04:15:12 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/6/2010 PM 04:30:15 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/6/2010 PM 07:33:58 | Computer Name = MG4415JCRIT3LP5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/7/2010 PM 03:20:09 | Computer Name = MG4415JCRIT3LP5 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GT-COE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/7/2010 PM 07:20:09 | Computer Name = MG4415JCRIT3LP5 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GT-COE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/8/2010 AM 12:38:03 | Computer Name = MG4415JCRIT3LP5 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GT-COE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/8/2010 AM 12:38:14 | Computer Name = MG4415JCRIT3LP5 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.102 for the Network Card with network
address 0022FB917C3E has been denied by the DHCP server 192.168.10.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/8/2010 AM 12:39:30 | Computer Name = MG4415JCRIT3LP5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 5/8/2010 AM 01:23:00 | Computer Name = MG4415JCRIT3LP5 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.10.101
with the system having network hardware address 00:25:BC:55:47:6A. Network operations
on this system may be disrupted as a result.

Error - 5/8/2010 PM 03:17:21 | Computer Name = MG4415JCRIT3LP5 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.101 for the Network Card with network
address 0022FB917C3E has been denied by the DHCP server 10.141.192.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/8/2010 PM 03:17:34 | Computer Name = MG4415JCRIT3LP5 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GT-COE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/8/2010 PM 03:19:30 | Computer Name = MG4415JCRIT3LP5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 5/8/2010 PM 05:32:15 | Computer Name = MG4415JCRIT3LP5 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GT-COE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >
mingxu16
Regular Member
 
Posts: 30
Joined: October 13th, 2009, 7:25 pm

Re: HELP: Internet explorer automatically sets homepage

Unread postby mingxu16 » May 9th, 2010, 1:24 pm

Sorry for taking so long to post this log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 10:14:44
Windows 5.1.2600 Service Pack 3
Running: bo0j5cun.exe; Driver: C:\DOCUME~1\mxu34\LOCALS~1\Temp\kxgoypoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9CFCABB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA9CFCA3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9CFCAE5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9CFCA4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9CFCA7B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9CFCB0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA9CFCA27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9CFCACF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9CFCA65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA9CFCA91]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9CFCAA7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9CFCB25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9CFCAF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP A9CFCAFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A9CFCABF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP A9CFCB13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP A9CFCB29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP A9CFCAD3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP A9CFCAE9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP A9CFCAAB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP A9CFCA95 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP A9CFCA69 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP A9CFCA3F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP A9CFCA53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP A9CFCA7F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP A9CFCA2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8467380, 0x381B8D, 0xE8000020]
init C:\WINDOWS\system32\Drivers\OA001Afx.sys entry point in "init" section [0xB234B310]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01070FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01070F5F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01070F70
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0107004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01070F8D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01070FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01070076
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01070F2E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010700A2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01070091
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01070EEE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0107002F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01070FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01070065
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0107001E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01070FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01070F1D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01060FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01060043
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01060FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01060FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01060F86
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01060000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01060FA1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01060FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01050FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] msvcrt.dll!system 77C293C7 5 Bytes JMP 0105005D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0105002E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01050000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01050FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0105001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01040FE5
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30071
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30F72
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30040
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30F83
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F3A
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F57
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C300B8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C3009D
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C30F04
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30025
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30FCA
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30082
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FA8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F1F
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C2008E
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C2007D
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C2006C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20FDB
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10F9A
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FB5
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FC6
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02830000
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02830F7C
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02830F97
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02830065
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02830054
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0283002F
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028300AE
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0283009D
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02830F4B
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028300DA
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02830F3A
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02830FA8
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02830FEF
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0283008C
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02830FC3
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02830FD4
.text C:\WINDOWS\system32\wuauclt.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028300C9
.text C:\WINDOWS\system32\wuauclt.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02810042
.text C:\WINDOWS\system32\wuauclt.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 02810031
.text C:\WINDOWS\system32\wuauclt.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02810FC8
.text C:\WINDOWS\system32\wuauclt.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02810FEF
.text C:\WINDOWS\system32\wuauclt.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02810FB7
.text C:\WINDOWS\system32\wuauclt.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0281000C
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02820FDB
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02820058
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0282002C
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0282001B
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02820FA5
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02820000
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02820047
.text C:\WINDOWS\system32\wuauclt.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02820FC0
.text C:\WINDOWS\system32\wuauclt.exe[780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02800000
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F46
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F57
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F1A
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070056
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0007008E
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0007007D
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700A9
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F35
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070EFF
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F79
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050F97
.text C:\WINDOWS\system32\services.exe[992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FA8
.text C:\WINDOWS\system32\services.exe[992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FDE
.text C:\WINDOWS\system32\services.exe[992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC3
.text C:\WINDOWS\system32\services.exe[992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050018
.text C:\WINDOWS\system32\services.exe[992] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30F66
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30F81
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F30F92
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30FAF
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30FDB
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F30093
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F30F4B
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F30F1F
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F30F30
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F300C9
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F30FCA
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F30011
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F30076
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F30047
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F30022
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F300A4
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20F9B
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F20040
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20025
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F20FB6
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F20062
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F20051
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F10053
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10038
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F10FD2
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10027
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FE3
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02430000
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02430FB1
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 024300A6
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0243008B
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02430070
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0243004E
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024300DE
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02430F96
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02430F60
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02430103
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02430114
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0243005F
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02430011
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024300C1
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0243003D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02430022
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02430F7B
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02420FC3
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0242002F
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02420014
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02420FDE
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02420F7C
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02420FEF
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02420F97
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [62, 8A]
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02420FB2
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02410F9E
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 02410FB9
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02410FD4
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02410FEF
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02410029
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0241000C
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F81
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F92
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0076
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE004A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE00AC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F64
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE0F24
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0F3F
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE0F09
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE005B
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0FDE
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0091
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE002F
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE001E
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE00BD
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD002C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0073
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CD0047
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0FC0
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC002C
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0FAB
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0FBC
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0FE3
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB0000
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03640FEF
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03640F4B
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03640F5C
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03640F83
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03640F94
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03640025
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03640071
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03640F1F
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03640ED8
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03640EF3
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03640EC7
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03640036
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03640FCA
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03640F30
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03640FB9
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03640000
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03640F0E
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0363002F
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03630FB9
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03630014
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03630FDE
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0363006C
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03630FEF
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0363005B
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03630040
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03620FC6
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes JMP 03620051
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0362002C
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03620000
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03620FD7
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03620011
.text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03540000
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03530FEF
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0353000A
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03530025
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03530FCA
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F46
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F57
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60F68
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60F79
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60FA5
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60EFD
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F0E
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60ECE
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60067
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60EBD
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60F94
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FDE
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F2B
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6001B
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60056
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006B002C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006B0F94
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006B001B
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006B0FAF
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006B0000
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006B0FC0
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA59 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 3 Bytes JMP 006B0047
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA + 4 77DFBCF7 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006A0F77
.text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!system 77C293C7 5 Bytes JMP 006A0F92
.text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006A0FB7
.text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006A000C
.text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006A0FDE
.text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00680FEF
.text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0068002F
.text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0068004A
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00690FE5
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00810F77
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00810F88
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00810062
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00810051
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00810FCA
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008100A4
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00810F5C
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00810F29
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00810F3A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00810F18
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00810FAF
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00810025
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00810087
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00810040
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00810FE5
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00810F4B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0080001B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00800047
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800036
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00800FE5
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00800F94
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A0, 88]
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800FAF
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F002F
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0FA4
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F0FC6
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F0FB5
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1528] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00710FEF
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA0FE5
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA0F80
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA0F91
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA0FAC
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AA0069
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AA003D
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AA0F54
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA009C
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA00CB
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA0F28
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AA0F17
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AA004E
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AA0F65
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AA002C
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA0F39
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A90FCA
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A90051
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A9001B
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A90F8A
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A90FA5
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C9, 88]
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A90036
.text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80047
.text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80FB2
.text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A80FC3
.text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00710FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01EC0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01EC0F4D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01EC0042
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01EC0F68
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01EC0F79
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01EC0FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01EC0078
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01EC0F3C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01EC0EFA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01EC0F15
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01EC0EDF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01EC0F8A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01EC0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01EC0067
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01EC0FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01EC001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01EC0093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01EB0FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01EB004D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01EB0FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01EB0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01EB0F90
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01EB0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01EB0FA1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0B, 8A]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01EB0FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01EA0FBE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] msvcrt.dll!system 77C293C7 5 Bytes JMP 01EA0049
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01EA001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01EA000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01EA002E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01EA0FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01E90FEF
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0266000A
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02660FA6
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0266009B
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02660FCD
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02660080
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0266004A
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026600AC
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02660F64
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02660F53
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026600EC
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02660F42
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02660065
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02660FEF
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02660F8B
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02660039
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02660FDE
.text C:\WINDOWS\Explorer.EXE[2536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026600D1
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02650036
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02650F94
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02650FE5
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02650025
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02650FB9
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02650000
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02650FCA
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 8A]
.text C:\WINDOWS\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0265005B
.text C:\WINDOWS\Explorer.EXE[2536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02640FA1
.text C:\WINDOWS\Explorer.EXE[2536] msvcrt.dll!system 77C293C7 5 Bytes JMP 0264002C
.text C:\WINDOWS\Explorer.EXE[2536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02640FC6
.text C:\WINDOWS\Explorer.EXE[2536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02640000
.text C:\WINDOWS\Explorer.EXE[2536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0264001B
.text C:\WINDOWS\Explorer.EXE[2536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02640FE3
.text C:\WINDOWS\Explorer.EXE[2536] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02620000
.text C:\WINDOWS\Explorer.EXE[2536] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02620FDB
.text C:\WINDOWS\Explorer.EXE[2536] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0262001B
.text C:\WINDOWS\Explorer.EXE[2536] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0262002C
.text C:\WINDOWS\Explorer.EXE[2536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02630FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Alidevice.SYS (Windows NT alipay kernel module/alipay.com)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Alidevice.SYS (Windows NT alipay kernel module/alipay.com)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A995ED20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Intel?Matrix Storage Manager
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Intel?Matrix Storage Manager@Order 0x08 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----
mingxu16
Regular Member
 
Posts: 30
Joined: October 13th, 2009, 7:25 pm

Re: HELP: Internet explorer automatically sets homepage

Unread postby deltalima » May 9th, 2010, 3:56 pm

Hi mingxu16,

After clarifying the forum policy on the use of cracked software I still see evidence of cracked software on this computer and attempts to disguise the facts.

I have no option other than to ask for this thread to be closed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: HELP: Internet explorer automatically sets homepage

Unread postby Gary R » May 10th, 2010, 11:10 am

This topic is now closed.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire