Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus Malware possible, please help, thank you

Post by steveacan » August 21st, 2010, 4:09 pm

Inspiron 1545, Vista
1st, there was flickering of a webpage which opened several pages all at once until I had to shut down & reboot. Then McAfee detected an infected file called gkbda02.dll which it deleted or fixed, it said. Then I downloaded Malwarebytes, which detected 2 trojans & more malware which were deleted, but it had a problem deleting 1 infected file. Now I get a message at reboot stating that a file is missing called ojamopajeboyorad.dll. Then I downloaded HijackThis. Here is my HijackThis log. Thank you for the help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:40 PM, on 8/17/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Users\steveacan\Desktop\HiJackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Wfini] rundll32.exe "C:\Users\steveacan\AppData\Local\ojamopajeboyorad.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... den-us.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-us.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11549 bytes
steveacan
Active Member
 
Posts: 10
Joined: August 16th, 2010, 10:13 pm
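Reading the log above the way a helper would, the entry to look at first is the HKCU Run item that has rundll32.exe load ojamopajeboyorad.dll from the user's AppData\Local folder, the same file the poster's boot-time error names; the BHO listed with (no file) and the yksvc service listed with (file missing) are orphaned registrations. The Python script below is an added example, not part of this thread or of HijackThis: it applies those checks to a handful of lines copied from the log plus one constructed hosts-file line (203.0.113.5 is a documentation address). The user-writable path list, the script-host list and the random-name threshold are assumptions chosen for the example and should be tuned against your own baseline.

```python
"""Triage a HijackThis v2 log excerpt: flag the autoruns, hooks and hosts
entries a malware-removal helper would examine first. Heuristics and
thresholds are assumptions made for this example, not HijackThis behaviour."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Locations a standard user can write to. Vendors install under Program Files
# or System32, so code started at logon from here deserves a look.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\|%(?:TEMP|TMP|APPDATA|LOCALAPPDATA)%",
    re.IGNORECASE,
)
# Signed Windows binaries routinely used to run someone else's code.
SCRIPT_HOST = re.compile(r"\b(?:rundll32|regsvr32|mshta|wscript|cscript)\.exe\b", re.IGNORECASE)
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RUN = re.compile(r"^O4 - \S+?\\\.\.\\Run\w*:\s+\[[^\]]*\]\s+(?P<cmd>.*)$")
PATH_TOKEN = re.compile(r'"([^"]+\.(?:dll|exe))"|(\S+\.(?:dll|exe))\b', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def target_file(cmd: str) -> str:
    """Last DLL/EXE path in a Run command: the payload for rundll32/regsvr32,
    the program itself for a plain command."""
    hits = [quoted or bare for quoted, bare in PATH_TOKEN.findall(cmd)]
    return hits[-1] if hits else ""


def looks_random(path: str) -> bool:
    """Generated-name heuristic (e.g. ojamopajeboyorad.dll): a long stem of only
    lowercase letters, no digits or separators. Tune against your own baseline."""
    stem = path.rsplit("\\", 1)[-1].split(".", 1)[0]
    return len(stem) >= 12 and stem.isalpha() and stem.islower()


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    reasons: List[str] = []
    hosts = HOSTS.match(line)
    if hosts:
        addr, host = hosts.groups()
        # The Vista default "::1 localhost" is benign; anything else is an override.
        if not (host.lower() == "localhost" and addr in ("127.0.0.1", "::1")):
            reasons.append(f"hosts file maps {host} to {addr}")
    if ORPHAN.search(line):
        reasons.append("registered component whose file is missing (orphan: clean up or reinstall)")
    run = O4_RUN.match(line)
    if run:
        cmd = run.group("cmd")
        target = target_file(cmd)
        name = target.rsplit("\\", 1)[-1]
        if USER_WRITABLE.search(cmd):
            lolbin = SCRIPT_HOST.search(cmd)
            via = f" via {lolbin.group(0).lower()}" if lolbin else ""
            reasons.append(f"logon autorun{via} from a user-writable path: {target}")
        if looks_random(target):
            reasons.append(f"random-looking file name: {name}")
    return Finding(line, reasons) if reasons else None


def triage(log: str) -> List[Finding]:
    """Run every line through triage_line and keep the ones with findings."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]


# Lines copied from the HijackThis log in this thread, plus one constructed
# hosts-file redirect (203.0.113.5 is a documentation address) to exercise that rule.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.example.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Wfini] rundll32.exe "C:\Users\steveacan\AppData\Local\ojamopajeboyorad.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run it as-is to see the four flagged lines, or pass a whole saved HijackThis log to triage(). An orphan finding is a cleanup candidate, not proof of infection: the yksvc entry, for instance, only says a service points at a file that is no longer there. The user-writable-path rule is the one that matters here, because vendor software on this machine consistently starts from Program Files or System32, and the one entry that does not is the file the poster's error message names.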

Re: Virus Malware possible, please help, thank you

Post by deltalima » August 25th, 2010, 3:17 pm

Hi steveacan,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Virus Malware possible, please help, thank you

Post by steveacan » August 25th, 2010, 10:38 pm

Thank you for helping me. Here is my saved uninstall list.

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DELL0703
Dell-eBay
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.00.02.0825)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 11
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVCRT
OGA Notifier 2.0.0048.0
PowerDVD DX
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype Toolbars
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
Sports Interaction Poker
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
steveacan
Active Member
 
Posts: 10
Joined: August 16th, 2010, 10:13 pm

Re: Virus Malware possible, please help, thank you

Post by deltalima » August 26th, 2010, 3:45 am

Hi steveacan,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Virus Malware possible, please help, thank you

Post by steveacan » August 26th, 2010, 11:01 pm

Thank you again, but I must tell you that I had major problems with the GMER scan download. When I clicked on the icon to download, it would give me the Run or Save option; if I clicked Save, then it would give me a pop-up that said cannot save from gmer website the 1st time; the 2nd time it just shut down Windows & I had to restart. If I clicked Run, the program would go straight into the rootmalware scan screen, & when I clicked Scan it would scan for about 10 minutes, then Windows would automatically shut down & restart. I never could get to the Run as Administrator option, or it would have probably been fine. Sorry, more instruction needed on that scan I guess. I will however post the other 2 scans you asked me to do.

The OTL Scan:
OTL logfile created on: 8/25/2010 10:22:10 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\steveacan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 131.97 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 0.01 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVEACAN-PC
Current User Name: steveacan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\steveacan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Windows\sminst\Components\scheduler\STService.exe ()
PRC - C:\Windows\sminst\SftService.exe (SoftThinks)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\steveacan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (SftService) -- C:\Windows\sminst\sftservice.EXE (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2568107201-3685462955-568167714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2568107201-3685462955-568167714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2568107201-3685462955-568167714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2568107201-3685462955-568167714-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2568107201-3685462955-568167714-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2568107201-3685462955-568167714-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2568107201-3685462955-568167714-1000..\Run: [Wfini] C:\Users\steveacan\AppData\Local\ojamopajeboyorad.DLL File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\sminst\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\steveacan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... den-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\steveacan\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\steveacan\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 11:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 22:20:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\steveacan\Desktop\OTL.exe
[2010/08/17 15:44:28 | 000,000,000 | ---D | C] -- C:\Users\steveacan\Desktop\HiJackThis
[2010/08/15 09:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/14 17:56:31 | 015,678,864 | ---- | C] (Microsoft Corporation) -- C:\Users\steveacan\Desktop\mpas-fe defintions for WinDefendere.exe
[2010/08/14 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\steveacan\AppData\Roaming\Malwarebytes
[2010/08/14 15:12:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/14 15:12:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 15:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 15:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 15:11:03 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\steveacan\Desktop\mbam-setup-1.46.exe
[2010/08/12 16:31:54 | 000,000,000 | ---D | C] -- C:\Users\steveacan\AppData\Local\ElevatedDiagnostics
[2010/08/12 16:25:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/08/12 16:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/08/11 18:33:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/11 18:33:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 18:33:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/11 18:33:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 18:33:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 18:33:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/11 18:33:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 18:33:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/11 18:33:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/11 18:33:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 18:33:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/11 18:33:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/11 18:33:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 18:33:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 18:33:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 18:32:41 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 18:15:57 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 18:15:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 18:09:22 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 18:09:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/05 11:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/01 16:13:45 | 000,000,000 | ---D | C] -- C:\Users\steveacan\Documents\Steve Jr & Caroline
[2010/08/01 15:49:58 | 000,000,000 | ---D | C] -- C:\Users\steveacan\Documents\Moms Bonds
[2009/07/29 18:27:03 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\steveacan\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/08/25 22:20:40 | 003,670,016 | -HS- | M] () -- C:\Users\steveacan\NTUSER.DAT
[2010/08/25 22:20:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\steveacan\Desktop\OTL.exe
[2010/08/25 22:18:19 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5994928C-4D6D-4671-B916-988766FBF6B3}.job
[2010/08/25 22:02:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 22:02:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 20:19:02 | 000,015,372 | ---- | M] () -- C:\Users\steveacan\Desktop\CHAPTER 2 & 3 Review Questions.docx
[2010/08/25 16:32:03 | 000,002,531 | ---- | M] () -- C:\Users\steveacan\Desktop\HiJackThis.lnk
[2010/08/25 16:04:34 | 000,021,639 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/08/25 16:02:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 16:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 16:02:49 | 3716,562,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 23:06:26 | 000,524,288 | -HS- | M] () -- C:\Users\steveacan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/08/24 23:06:26 | 000,065,536 | -HS- | M] () -- C:\Users\steveacan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/08/22 22:49:02 | 003,459,548 | -H-- | M] () -- C:\Users\steveacan\AppData\Local\IconCache.db
[2010/08/21 21:07:56 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/18 22:01:18 | 000,001,967 | ---- | M] () -- C:\Users\steveacan\Desktop\Sports Interaction Poker.lnk
[2010/08/15 21:20:27 | 000,027,648 | ---- | M] () -- C:\Users\steveacan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 09:42:04 | 001,402,880 | ---- | M] () -- C:\Users\steveacan\Desktop\HiJackThis.msi
[2010/08/14 17:56:52 | 015,678,864 | ---- | M] (Microsoft Corporation) -- C:\Users\steveacan\Desktop\mpas-fe defintions for WinDefendere.exe
[2010/08/14 15:12:48 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 15:11:22 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\steveacan\Desktop\mbam-setup-1.46.exe
[2010/08/14 14:44:22 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\Tfumuwonezonuso.bin
[2010/08/12 16:23:53 | 003,473,408 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/08/12 16:23:52 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/08/12 16:23:52 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/08/12 15:36:03 | 000,618,945 | ---- | M] () -- C:\Users\steveacan\Desktop\Autoruns.zip
[2010/08/11 20:28:43 | 000,302,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/06 23:28:46 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\omemerujomurara.dll
[2010/08/06 21:26:26 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\aweqayoqanej.dll
[2010/08/06 19:24:25 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ocitefed.dll
[2010/08/06 17:22:26 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\oyagosix.dll
[2010/08/05 22:02:40 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ovukowomaquden.dll
[2010/08/05 20:00:40 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\oholekoconisi.dll
[2010/08/05 17:59:00 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\unufalut.dll
[2010/08/05 15:56:39 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\exefucip.dll
[2010/08/05 13:54:39 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\iheguwiv.dll
[2010/08/05 11:55:30 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/05 11:52:39 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\obutaduxotoy.dll
[2010/08/04 22:29:04 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ajocolay.dll
[2010/08/04 20:27:07 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ozinizokizi.dll
[2010/08/04 18:25:35 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\akiyuhaxovab.dll
[2010/08/04 16:23:25 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\usaminopa.dll
[2010/08/04 09:00:10 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\elojopevogani.dll
[2010/08/03 20:47:15 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\acoqutoq.dll
[2010/08/03 18:45:12 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\elamevedecotezi.dll
[2010/08/03 17:56:45 | 000,001,070 | ---- | M] () -- C:\Users\steveacan\Desktop\Angela Khaki Ball16 - Shortcut.lnk
[2010/08/02 21:12:48 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\emunilecola.dll
[2010/08/02 19:30:30 | 000,013,542 | ---- | M] () -- C:\Users\steveacan\Desktop\letter to US AIRWAYS.docx
[2010/08/01 10:29:09 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\exebafidequ.dll
[2010/08/01 08:26:52 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ehufumak.dll
[2010/07/31 21:22:54 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\avobaraxonug.dll
[2010/07/31 19:16:01 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\oyecegalaju.dll
[2010/07/31 17:14:01 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ukuhafewoqaned.dll
[2010/07/31 13:08:09 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\alepuwid.dll
[2010/07/31 11:05:59 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\oraxegirifad.dll
[2010/07/30 20:42:52 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ejihozewuj.dll
[2010/07/30 18:37:05 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\utehajileso.dll
[2010/07/30 16:35:05 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ivutowuw.dll
[2010/07/30 15:19:36 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/30 15:19:36 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/30 15:19:36 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/29 20:59:25 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\ijolonizokizice.dll
[2010/07/28 18:55:43 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\olalaqocu.dll
[2010/07/28 16:53:49 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\awomiwokoj.dll
[2010/07/28 13:59:19 | 000,000,000 | ---- | M] () -- C:\Users\steveacan\AppData\Local\apukikodurexu.dll

========== Files Created - No Company Name ==========

[2010/08/25 18:14:33 | 000,015,372 | ---- | C] () -- C:\Users\steveacan\Desktop\CHAPTER 2 & 3 Review Questions.docx
[2010/08/15 09:42:55 | 000,002,531 | ---- | C] () -- C:\Users\steveacan\Desktop\HiJackThis.lnk
[2010/08/15 09:41:54 | 001,402,880 | ---- | C] () -- C:\Users\steveacan\Desktop\HiJackThis.msi
[2010/08/14 15:12:48 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/12 16:23:44 | 003,473,408 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/08/12 16:23:44 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/08/12 16:23:44 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/08/12 15:36:02 | 000,618,945 | ---- | C] () -- C:\Users\steveacan\Desktop\Autoruns.zip
[2010/08/06 23:28:46 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\omemerujomurara.dll
[2010/08/06 21:26:25 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\aweqayoqanej.dll
[2010/08/06 19:24:24 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ocitefed.dll
[2010/08/06 17:22:24 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\oyagosix.dll
[2010/08/05 22:02:39 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ovukowomaquden.dll
[2010/08/05 20:00:39 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\oholekoconisi.dll
[2010/08/05 17:58:59 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\unufalut.dll
[2010/08/05 15:56:37 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\exefucip.dll
[2010/08/05 13:54:38 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\iheguwiv.dll
[2010/08/05 11:52:38 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\obutaduxotoy.dll
[2010/08/04 22:29:04 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ajocolay.dll
[2010/08/04 20:27:05 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ozinizokizi.dll
[2010/08/04 18:25:25 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\akiyuhaxovab.dll
[2010/08/04 16:23:24 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\usaminopa.dll
[2010/08/04 09:00:05 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\elojopevogani.dll
[2010/08/03 20:47:11 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\acoqutoq.dll
[2010/08/03 18:45:10 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\elamevedecotezi.dll
[2010/08/03 17:56:45 | 000,001,070 | ---- | C] () -- C:\Users\steveacan\Desktop\Angela Khaki Ball16 - Shortcut.lnk
[2010/08/02 21:12:46 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\emunilecola.dll
[2010/08/01 10:29:04 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\exebafidequ.dll
[2010/08/01 08:26:50 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ehufumak.dll
[2010/07/31 21:22:53 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\avobaraxonug.dll
[2010/07/31 19:16:00 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\oyecegalaju.dll
[2010/07/31 18:48:06 | 000,013,542 | ---- | C] () -- C:\Users\steveacan\Desktop\letter to US AIRWAYS.docx
[2010/07/31 17:14:00 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ukuhafewoqaned.dll
[2010/07/31 13:08:09 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\alepuwid.dll
[2010/07/31 11:05:58 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\oraxegirifad.dll
[2010/07/30 20:42:52 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ejihozewuj.dll
[2010/07/30 18:36:43 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\utehajileso.dll
[2010/07/30 16:34:42 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ivutowuw.dll
[2010/07/29 20:59:03 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ijolonizokizice.dll
[2010/07/28 18:55:22 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\olalaqocu.dll
[2010/07/28 16:53:27 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\awomiwokoj.dll
[2010/07/28 13:58:56 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\apukikodurexu.dll
[2010/07/25 04:12:22 | 000,000,790 | ---- | C] () -- C:\Users\steveacan\AppData\Local\onebituk.dll
[2010/07/21 04:12:22 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\eyopozadu.dll
[2010/07/20 06:43:47 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\elobocovofama.dll
[2010/07/18 11:01:58 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ubowepas.dll
[2010/07/18 06:41:43 | 000,042,160 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ogasofih.dll
[2010/07/14 04:17:28 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\olimanap.dll
[2010/07/13 20:25:26 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\uxofixejoweraxi.dll
[2010/07/13 18:23:26 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ibawuwuqec.dll
[2010/07/13 16:21:26 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\elihehuc.dll
[2010/07/13 14:19:25 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\ikiyogovi.dll
[2010/07/02 11:08:50 | 000,001,732 | ---- | C] () -- C:\Users\steveacan\AppData\Local\abukikodurexu.dll
[2010/06/01 16:01:01 | 000,000,000 | ---- | C] () -- C:\Users\steveacan\AppData\Local\Tfumuwonezonuso.bin
[2010/06/01 16:01:00 | 000,000,120 | ---- | C] () -- C:\Users\steveacan\AppData\Local\Vpayilita.dat
[2009/10/13 16:15:26 | 000,006,080 | ---- | C] () -- C:\Users\steveacan\AppData\Local\d3d9caps.dat
[2009/09/10 15:52:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 15:52:33 | 000,016,280 | ---- | C] () -- C:\Users\steveacan\AppData\Local\azimelumorunif.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/22 20:54:32 | 000,027,648 | ---- | C] () -- C:\Users\steveacan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 16:16:48 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/30 20:37:35 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/30 20:37:35 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/30 20:37:35 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/30 20:37:35 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/30 20:37:35 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/30 20:37:35 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/30 20:37:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/30 20:37:35 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/30 20:37:35 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/30 20:37:35 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/30 20:37:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/30 20:37:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/30 20:37:34 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/30 20:37:34 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/30 20:37:34 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/30 20:37:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/30 20:37:34 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/30 20:37:34 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/30 20:37:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/30 20:37:33 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/30 20:37:33 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/30 20:37:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/30 20:37:30 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/05/30 20:16:36 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/05/30 20:16:36 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/05/30 20:09:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2006/11/02 00:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 21:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\New Sports Interaction Poker:MID
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

The Extras Scan:
OTL Extras logfile created on: 8/25/2010 10:22:10 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\steveacan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 131.97 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 0.01 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVEACAN-PC
Current User Name: steveacan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032B434E-1BC7-4C39-BCFE-8A333D9C7867}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{223A0904-ADE5-4BDA-BC3B-18AF8FB40C8E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27180C6F-26CB-45BE-8D19-97F23768F7BF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2D13A66E-DCA5-429D-B302-BA3AA5DBFF6B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{392BA6B8-83A3-488A-A6E0-9E5E77F9B6F7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3AA9D017-2B3B-4FC6-8CF7-E16AACD40B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3EB41701-A689-4533-94C2-C9379FE0028C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F22504D-7C75-471D-9D57-38C03EA522CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D6DBBF6-8E83-498F-9844-F3691E24D360}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EA24FE6-CF28-4A36-AE45-91FFD7E6851E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B49233D3-3E0E-4AE1-B39B-429A8D9D5AF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6700A8E-347A-4549-9A26-1996CB336153}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B935B4A1-8A9E-43FA-8E53-76B6B8075577}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAC971E4-E697-402C-9005-9717967540C2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D4763B1E-1BCA-49C5-81CC-A683CB3C6FDF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E5949B73-84DA-4116-909B-B9C62D40C354}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E972668E-8201-458D-94BB-FF587DF0F108}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB63C028-9696-4ADF-A81C-E86E7661353D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F66CBFBF-CD48-4EA7-8DE8-05C950E59112}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071B7AA6-BE27-4C25-AA97-09671BFC59AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{071D7535-0091-4614-B50B-118FB554551B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{0D491B3D-E89C-41C4-A43B-40E9C76E5C2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19056DFD-33C6-433F-83C3-5571E91B05D7}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{1C865875-6994-4A1A-8D27-96F59D9167DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C7EBCAE-82F7-405F-B017-B2B4D469F860}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{32413B19-8BA2-44D7-91E1-932CE06E615F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C0EC4BD-4D8E-41AA-83D7-075C6DE13CFF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6C4EC29B-620E-4CE3-A449-0EE88CD8C774}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C4B453F-006C-476C-BB39-793E523714E1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{8BBD010B-942E-46B2-919F-AA91B3BEE067}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{98B96EB2-EF2A-463F-9F23-40D06B7EE3A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2B8D759-0920-4397-90C1-19B53154F28F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{B5127BFD-0A5C-4D94-893C-A34F69F2B340}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6652BE7-8271-4CCE-A11A-5211B06E39E1}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{B842E3E5-ED97-42DB-B292-7DD8ADD77AF4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C9966163-CEB4-4638-B937-07F492E95550}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F1A3742F-090C-4CD3-AD9D-D681CE53CBBB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FCC82816-304A-467C-9BA2-F87224F40159}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"Sports Interaction(uninstall)" = Sports Interaction Poker
"STANDARDR" = Microsoft Office Standard 2007
"TVWiz" = Intel(R) TV Wizard
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2568107201-3685462955-568167714-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2010 2:19:50 PM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

Error - 8/10/2010 7:19:41 PM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

Error - 8/11/2010 8:59:11 PM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2010 2:28:54 AM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2010 4:17:33 AM | Computer Name = steveacan-pc | Source = EventSystem | ID = 4621
Description =

Error - 8/12/2010 9:18:36 PM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2010 9:36:59 PM | Computer Name = steveacan-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module IEFRAME.dll, version 8.0.6001.18943, time stamp 0x4c259808,
exception code 0xc0000005, fault offset 0x00220599, process id 0xfb8, application
start time 0x01cb3a87fe8bc666.

Error - 8/12/2010 9:38:16 PM | Computer Name = steveacan-pc | Source = EventSystem | ID = 4621
Description =

Error - 8/12/2010 9:39:53 PM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2010 9:30:59 PM | Computer Name = steveacan-pc | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 8/14/2010 8:44:15 PM | Computer Name = steveacan-pc | Source = WLAN-Tray | ID = 0
Description = 14:44:15, Sat, Aug 14, 10 Error - Unable to decode string, error 87


Error - 8/15/2010 2:50:50 PM | Computer Name = steveacan-pc | Source = WLAN-Tray | ID = 0
Description = 08:50:47, Sun, Aug 15, 10 Error - Unable to gain access to user store


[ Dell Events ]
Error - 6/5/2010 3:33:10 PM | Computer Name = steveacan-pc | Source = DataSafe | ID = 3
Description = Failed or canceled

Error - 6/5/2010 3:33:11 PM | Computer Name = steveacan-pc | Source = DataSafe | ID = 3
Description = Failed or canceled

Error - 6/5/2010 4:02:01 PM | Computer Name = steveacan-pc | Source = DataSafe | ID = 3
Description = Failed or canceled

Error - 6/5/2010 4:02:01 PM | Computer Name = steveacan-pc | Source = DataSafe | ID = 3
Description = Failed or canceled

[ System Events ]
Error - 8/22/2010 3:07:54 AM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7009
Description =

Error - 8/22/2010 3:07:54 AM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/22/2010 3:01:28 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/22/2010 3:01:28 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/23/2010 9:51:31 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/23/2010 9:51:31 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/24/2010 9:10:26 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/24/2010 9:10:26 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/25/2010 10:03:34 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 8/25/2010 10:03:34 PM | Computer Name = steveacan-pc | Source = Service Control Manager | ID = 7000
Description =


< End of report >
steveacan
Active Member
 
Posts: 10
Joined: August 16th, 2010, 10:13 pm
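Reading the OTL Extras sections above by eye is error-prone, so here is an added triage script (my own example, not OTL's code and not something the helpers in this thread posted) that parses three of the sections the log uses: Shell Spawning, Security Center Settings and the Vista Active Open Ports Exception List. It checks the batfile/cmdfile/comfile/exefile/piffile/scrfile handlers against their Vista defaults (malware commonly hijacks exefile [open] so that its own binary runs in front of every program), reports which firewall profiles carry EnableFirewall = 0, and lists inbound exception rules whose program lives outside the Windows or Program Files directories. The sample input is copied from the log above except for two constructed lines, marked in the code, that the checks are meant to catch: the exefile entry and the rule whose GUID starts with FFFFFFFF. The list of trusted program locations is an assumption for illustration.

```python
import re

# Sample input copied from the OTL Extras log in this thread.  Two lines are
# CONSTRUCTED so the checks have something to flag: the "exefile [open]" entry
# and the firewall rule whose GUID starts with FFFFFFFF.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Users\someone\AppData\Local\hijack.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032B434E-1BC7-4C39-BCFE-8A333D9C7867}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F22504D-7C75-471D-9D57-38C03EA522CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4763B1E-1BCA-49C5-81CC-A683CB3C6FDF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FFFFFFFF-0000-0000-0000-000000000001}" = lport=8080 | protocol=6 | dir=in | app=c:\users\someone\appdata\local\temp\svchost.exe |
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SPAWN_RE = re.compile(r"^(\w+ \[\w+\]) -- (.*)$")
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)\]$")
VALUE_RE = re.compile(r'^"(\w+)" = (.*)$')
RULE_RE = re.compile(r'^"\{([0-9A-F-]+)\}" = (.*)$', re.I)

# Vista defaults for the handlers malware most often hijacks.
EXPECTED_SPAWN = {f"{k} [open]": '"%1" %*' for k in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_SPAWN["scrfile [open]"] = '"%1" /S'
# ASSUMED locations an inbound exception's program is expected to live in (illustration only).
TRUSTED_APP_PREFIXES = ("%systemroot%\\", "c:\\windows\\", "c:\\program files\\", "system")


def split_sections(text):
    """Map each '========== Name ==========' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_shell_spawning(lines):
    """(handler, actual command) for every watched handler that deviates from its default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if m and m.group(1) in EXPECTED_SPAWN and m.group(2).strip() != EXPECTED_SPAWN[m.group(1)]:
            findings.append((m.group(1), m.group(2).strip()))
    return findings


def firewall_profiles(lines):
    """{profile name: EnableFirewall value} for each FirewallPolicy\\...Profile key."""
    profiles, current = {}, None
    for line in lines:
        if line.startswith("["):                 # a new registry key; only ...Profile keys matter
            m = PROFILE_RE.search(line)
            current = m.group(1) if m else None
            continue
        m = VALUE_RE.match(line)
        if current and m and m.group(1) == "EnableFirewall":
            profiles[current] = int(m.group(2))
    return profiles


def parse_firewall_rules(lines):
    """Turn '"{GUID}" = k=v | k=v |' lines into dicts (keys: id plus lport/rport, protocol, dir, svc, app)."""
    rules = []
    for line in lines:
        m = RULE_RE.match(line)
        if not m:
            continue
        rule = {"id": m.group(1).upper()}
        for field in m.group(2).split("|"):
            key, sep, value = field.partition("=")
            if sep:
                rule[key.strip()] = value.strip()
        rules.append(rule)
    return rules


def suspicious_rules(lines):
    """Inbound exceptions whose program sits outside the assumed trusted locations."""
    return [(r["id"], r.get("lport", "any"), r["app"])
            for r in parse_firewall_rules(lines)
            if r.get("dir") == "in" and r.get("app")
            and not r["app"].lower().startswith(TRUSTED_APP_PREFIXES)]


def triage(text):
    """Run all three checks over one OTL Extras log and return the findings."""
    s = split_sections(text)
    return {
        "hijacked_handlers": check_shell_spawning(s.get("Shell Spawning", [])),
        "firewall_off": sorted(p for p, on in firewall_profiles(s.get("Security Center Settings", [])).items() if on == 0),
        "odd_inbound_rules": suspicious_rules(s.get("Vista Active Open Ports Exception List", [])),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name}: {hits or 'nothing flagged'}")
```

On this particular log the script would report the Domain and Standard profiles as off and nothing else; with the McAfee Personal Firewall driver (Mpfp.sys) loaded, as the RkU listing later in the thread shows, a disabled Windows Firewall is consistent with a third-party firewall having taken over, so treat that finding as a prompt to confirm which firewall is actually running rather than as an infection indicator on its own.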

Re: Virus Malware possible, please help, thank you

Unread postby deltalima » August 27th, 2010, 3:44 am

Hi steveacan,

I had major problems with the gmer scan


Please run this alternative scan –

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Right click RKUnhookerLE.exe and select Run as Administrator.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
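Once the RkU report is posted, its >Drivers section is a flat list of load address, path, size and, where the file carries version information, its vendor and description. The script below is an added example (mine, not part of Rootkit Unhooker and not part of the instructions above) that parses that section and pulls out what a reviewer looks at first: modules loaded from user-writable paths, modules with an on-disk path but no vendor/description, and names that share one load address. Its sample input is copied from the report in the next reply plus one constructed last line, marked in the code, for a nameless driver under a user's Temp directory. The list of user-writable directories and the dump_ exemption are assumptions for illustration.

```python
import re
from collections import defaultdict

# Sample input copied from the RkU ">Drivers" listing in this thread, plus one
# CONSTRUCTED last line (a nameless driver under a user's Temp directory) so
# the check has something to flag.
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x8EA00000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9428992 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C3B000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81C3B000 PnpManager 3903488 bytes
0x81C3B000 RAW 3903488 bytes
0x81C3B000 WMIxWDM 3903488 bytes
0x9080F000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes
0x82209000 C:\Windows\system32\drivers\iastor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8F9B2000 C:\Windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0x8FB10000 C:\Windows\System32\Drivers\Mpfp.sys 167936 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xAD000000 C:\Users\someone\AppData\Local\Temp\example_unknown.sys 32768 bytes
"""

# "0xBASE <path or name> <size> bytes (Vendor, Description)"; the parenthesised part is optional.
LINE_RE = re.compile(r"^0x([0-9A-F]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?$", re.I)
# ASSUMED list of directories an ordinary user can write to; a kernel driver loading from one is a red flag.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_drivers(text):
    """Parse the >Drivers section into dicts: base (int), path, size (int), info (vendor/description or None)."""
    entries, in_drivers = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">"):            # ">Drivers", ">Stealth", ">Files", ... open new sections
            in_drivers = line == ">Drivers"
            continue
        m = LINE_RE.match(line)
        if in_drivers and m:
            base, path, size, info = m.groups()
            entries.append({"base": int(base, 16), "path": path, "size": int(size), "info": info})
    return entries


def suspicious_drivers(entries):
    """(path, reason) for modules loaded from user-writable paths or on-disk files with no version info.
    dump_*.sys is exempted: it is the crash-dump copy of the boot storage driver and carries no version info."""
    findings = []
    for e in entries:
        p = e["path"].lower()
        name = p.rsplit("\\", 1)[-1]
        if any(tok in p for tok in USER_WRITABLE):
            findings.append((e["path"], "loaded from a user-writable directory"))
        elif "\\" in p and e["info"] is None and not name.startswith("dump_"):
            findings.append((e["path"], "no vendor/description"))
    return findings


def aliases_by_base(entries):
    """{hex base: [names]} for load addresses RkU reports under more than one name.
    The kernel image legitimately shows up as PnpManager, RAW and WMIxWDM at its own base."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["base"]].append(e["path"])
    return {hex(b): names for b, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    drivers = parse_drivers(SAMPLE_REPORT)
    print(f"{len(drivers)} modules parsed")
    for path, why in suspicious_drivers(drivers):
        print(f"CHECK  {path}: {why}")
    for base, names in aliases_by_base(drivers).items():
        print(f"ALIAS  {base}: {', '.join(names)}")
```

A module RkU lists without vendor information is not proof of anything: the crash-dump driver copy is the obvious benign case, and some legitimate vendors ship unsigned or unversioned drivers. The listing only tells you which files to pull from disk and check for a valid signature next.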

Re: Virus Malware possible, please help, thank you

Unread postby steveacan » August 28th, 2010, 3:34 am

My new scan reply, thank you for helping.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8EA00000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9428992 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C3B000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81C3B000 PnpManager 3903488 bytes
0x81C3B000 RAW 3903488 bytes
0x81C3B000 WMIxWDM 3903488 bytes
0x96E60000 Win32k 2109440 bytes
0x96E60000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F40D000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8B00A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AE0E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FA0B000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xADC05000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9080F000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes
0x82209000 C:\Windows\system32\drivers\iastor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8E617000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F2FE000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E700000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80601000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82324000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAB403000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F804000 C:\Windows\system32\DRIVERS\stwrt.sys 413696 bytes (IDT, Inc., IDT PC Audio)
0xAB573000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8F555000 C:\Windows\system32\DRIVERS\yk60x86.sys 315392 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x80733000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FB75000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90928000 C:\Windows\system32\DRIVERS\OA009Vid.sys 270336 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x80498000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8AF7F000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8F3B6000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F976000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8AF44000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAB4FB000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B11A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8078D000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81C08000 ACPI_HAL 208896 bytes
0x8F5B5000 C:\Windows\system32\DRIVERS\Apfiltr.sys 208896 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x81C08000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8F9B2000 C:\Windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0x822D9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F931000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E7B4000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F869000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AF19000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x823BA000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x807C2000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8FB10000 C:\Windows\System32\Drivers\Mpfp.sys 167936 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xAB5C1000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B16A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E1000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAB54C000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xADCF9000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8F896000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9098E000 C:\Windows\system32\DRIVERS\CtClsFlt.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x9096A000 C:\Windows\system32\DRIVERS\OA009Ufd.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x8AFC0000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8B1A2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAB4BB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F8DE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAB4DC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAB470000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8FAF5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x909C1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAB48D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E78D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAB534000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F9E5000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B1D9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90911000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xADD40000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8FBD2000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FB39000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAB4A6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x82395000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8AFE3000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FB61000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F5A2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8E6C7000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FBBD000 C:\Windows\system32\drivers\RTSTOR.SYS 77824 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x8F963000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8FB4F000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xADD2E000 C:\Windows\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8B191000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x823E4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8230B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x908E8000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x909DC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8077D000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x823AA000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E7A5000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x909B2000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B15B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80708000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B1F0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E6F1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80724000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x970A0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FBE8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F91A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8E60A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8AE00000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8067D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xADCED000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F8D2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F39F000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8F5F3000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F5E8000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F90F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E7EE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E7E3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8E6DD000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F3AB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071A000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x90907000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E600000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x909EC000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8FBF6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xADCE3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B1C3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F8BB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x908DF000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xADD56000 C:\Windows\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xADD66000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8231B000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F928000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97080000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8E6E8000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F3F4000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D0000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xADD1F000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
0x80490000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x908FF000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D9000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F8FF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F907000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B153000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F8CB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x908F8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80408000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xADD27000 C:\Windows\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xADD5F000 C:\Windows\system32\drivers\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0x8F8C4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8F400000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F406000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80717000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8F40A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FBD0000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x01E00000 Hidden Image-->msvcm90.dll [ EPROCESS 0xA7B3BD90 ] PID: 1680, 270336 bytes
0x02420000 Hidden Image-->msvcm90.dll [ EPROCESS 0xAEBEFD90 ] PID: 552, 270336 bytes
0x017F0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0xB0859818 ] PID: 4208, 28672 bytes
0x05D30000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0xA7B3BD90 ] PID: 1680, 4231168 bytes
0x017D0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0xB0859818 ] PID: 4208, 45056 bytes
0x01B70000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0xA7B3BD90 ] PID: 1680, 77824 bytes
0x02470000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0xAEBEFD90 ] PID: 552, 77824 bytes
0x01740000 Hidden Image-->sprtmessage.dll [ EPROCESS 0xB0859818 ] PID: 4208, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Users\steveacan\AppData\Local\Temp\~DFAC7.tmp::$DATA
!-->[Hidden] C:\Users\steveacan\AppData\Local\Temp\~DFCD91.tmp::$DATA
!-->[Hidden] C:\Users\steveacan\AppData\Local\Temp\~DFD87B.tmp::$DATA
!-->[Hidden] C:\Users\steveacan\AppData\Local\Temp\~DFDCD0.tmp::$DATA
!-->[Hidden] C:\Windows\Prefetch\MCSMTFWK.EXE-74FB5724.pf
!-->[Hidden] C:\Windows\Prefetch\MCUICNT.EXE-724FFEE9.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81CE37AA-->81CE37B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateFile, Type: Inline - RelativeJump 0x81E7CE5B-->8F9CB7A2 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x81ECC8BF-->8F9CB73C [mfehidk.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x81ECC90A-->8F9CB750 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateUserProcess, Type: Inline - RelativeJump 0x81E04B82-->8F9CB766 [mfehidk.sys]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x81E4B4FA-->8F9CB7E0 [mfehidk.sys]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x81DFA5B5-->8F9CB823 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x81E5BC08-->8F9CB714 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Inline - RelativeJump 0x81E5715A-->8F9CB728 [mfehidk.sys]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x81E54F3D-->8F9CB7B6 [mfehidk.sys]
ntkrnlpa.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x81E8EAD6-->8F9CB84B [mfehidk.sys]
ntkrnlpa.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x81E8D8D2-->8F9CB837 [mfehidk.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x81ECD3C7-->8F9CB78E [mfehidk.sys]
ntkrnlpa.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x81E4F528-->8F9CB77A [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x81E2BDA3-->8F9CB80F [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x81E4B7BD-->8F9CB7F6 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x81C669D2-->8F9CB7CC [mfehidk.sys]
[1044]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1044]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1044]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1044]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1092]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1092]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1092]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1104]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76D3D690-->00000000 [unknown_code_page]
[1104]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76D3F3A4-->00000000 [unknown_code_page]
[1104]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76D86DDF-->00000000 [unknown_code_page]
[1104]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76D3DB09-->00000000 [unknown_code_page]
[1104]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[1120]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [McProxy.exe]
[1120]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [McProxy.exe]
[1280]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1280]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1280]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1280]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1320]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1320]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1320]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76D3D690-->00000000 [unknown_code_page]
[1320]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76D3F3A4-->00000000 [unknown_code_page]
[1320]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76D86DDF-->00000000 [unknown_code_page]
[1320]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76D3DB09-->00000000 [unknown_code_page]
[1320]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1520]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[1780]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[2280]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[2280]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[2280]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [IEShims.dll]
[2304]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[2304]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x76998E3B-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x769B26F1-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x769B9A62-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x769B17AA-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x769972A2-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x769A1305-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x769D847D-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x769C2EF5-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x769D8152-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x769C10B0-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7699CD8B-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x769C326E-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7699863C-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x769A8CB1-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x769B1847-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x769B0745-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [IEShims.dll]
[2304]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x769ED972-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x769ED639-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x769ED65D-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x769ED4D9-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x769ED5D3-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x769C2F75-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x769D6FB2-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x769C0987-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x769987AD-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x769998DB-->00000000 [ieframe.dll]
[2304]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76D3D690-->00000000 [unknown_code_page]
[2304]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76D3F3A4-->00000000 [unknown_code_page]
[2304]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76D86DDF-->00000000 [unknown_code_page]
[2304]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76D3DB09-->00000000 [unknown_code_page]
[2304]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [IEShims.dll]
[2304]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x770D330C-->00000000 [SeaNote.dll]
[2304]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x770D40D9-->00000000 [SeaNote.dll]
[2304]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x770D418A-->00000000 [SeaNote.dll]
[2304]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [IEShims.dll]
[2304]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x770D343A-->00000000 [SeaNote.dll]
[2304]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x770D659B-->00000000 [SeaNote.dll]
[2304]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [SeaNote.dll]
[2304]iexplore.exe-->wsock32.dll-->recv, Type: Inline - RelativeJump 0x72621858-->00000000 [SeaNote.dll]
[2432]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[2432]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[2432]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[2432]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76D3D690-->00000000 [unknown_code_page]
[2432]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76D3F3A4-->00000000 [unknown_code_page]
[2432]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76D86DDF-->00000000 [unknown_code_page]
[2432]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76D3DB09-->00000000 [unknown_code_page]
[2432]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[2676]STService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2676]STService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2676]STService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004412EC-->00000000 [shimeng.dll]
[2676]STService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2676]STService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2676]STService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2896]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x76C7391E-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76C689C7-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x76C77C42-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x76C87BA1-->00000000 [unknown_code_page]
[2896]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76C7E2B5-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75CFCE5F-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75CFAECB-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75CB2EF5-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75CB5C0C-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75CD8E6E-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75CB1C28-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75CB1BF3-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75CF903B-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75CB19C9-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75CB1929-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75CD94DC-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75CD94B4-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75CD9109-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75CD9362-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75CB1DC3-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75CDDBDA-->00000000 [unknown_code_page]
[2896]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75D45CF7-->00000000 [unknown_code_page]
[2896]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x770D36D1-->00000000 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x76C63BA9-->00000000 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x76C639AB-->00000000 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x76C741F1-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
steveacan
Active Member
 
Posts: 10
Joined: August 16th, 2010, 10:13 pm

Re: Virus Malware possible, please help, thank you

Unread postby deltalima » August 28th, 2010, 11:33 am

Hi steveacan,

Run OTL Script

  • Right click OTL.exe and select Run as Administrator.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :otl
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\S-1-5-21-2568107201-3685462955-568167714-1000..\Run: [Wfini] C:\Users\steveacan\AppData\Local\ojamopajeboyorad.DLL File not found
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now please run a quick scan with Malwarebytes and post the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Virus Malware possible, please help, thank you

Unread postby steveacan » August 28th, 2010, 3:54 pm

Thank you,

All processes killed
========== OTL ==========
::1 localhost removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2568107201-3685462955-568167714-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wfini deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: steveacan
->Temp folder emptied: 558141997 bytes
->Temporary Internet Files folder emptied: 620553675 bytes
->Java cache emptied: 9479009 bytes
->Flash cache emptied: 137349 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30552610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3390424741 bytes

Total Files Cleaned = 4,396.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08282010_092308

Files\Folders moved on Reboot...
C:\Users\steveacan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TXHWC6FL\viewtopic[1].htm moved successfully.
C:\Users\steveacan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\steveacan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\mcafee_gvLfNPnntNlXbs3 not found!
File\Folder C:\Windows\temp\mcmsc_duksu3sbtd7lXuY not found!
File\Folder C:\Windows\temp\mcmsc_fF4vYT70h79nKEY not found!
File\Folder C:\Windows\temp\mcmsc_kvEGBF6vcIlTyPh not found!
File\Folder C:\Windows\temp\mcmsc_u4oT1GfyAsLqhHn not found!
File\Folder C:\Windows\temp\sqlite_b5huXR6RzUqfZcQ not found!
File\Folder C:\Windows\temp\sqlite_DL8idKnLfxWj5HZ not found!
File\Folder C:\Windows\temp\sqlite_pa91btcxK2wt2wZ not found!
File\Folder C:\Windows\temp\sqlite_Y8T7QdPCYwPeNwV not found!
File\Folder C:\Windows\temp\TMP0000005DBF7399587D3570D2 not found!

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4431

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/28/2010 9:48:45 AM
mbam-log-2010-08-28 (09-48-45).txt

Scan type: Quick scan
Objects scanned: 130573
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
steveacan
Active Member
 
Posts: 10
Joined: August 16th, 2010, 10:13 pm

Re: Virus Malware possible, please help, thank you

Unread postby deltalima » August 28th, 2010, 4:07 pm

Hi steveacan,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Virus Malware possible, please help, thank you

Unread postby steveacan » August 29th, 2010, 4:27 am

Thank you again,

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 28, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 28, 2010 16:20:40
Records in database: 4166873
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\

Scan statistics:
Objects scanned: 173251
Threats found: 1
Infected objects found: 0
Suspicious objects found: 7
Scan duration: 02:34:30


File name / Threat / Threats count
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Ebay\75031DF2-000000E7.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Sent items\18050D05-00000056.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Sent items\1F770D41-00000119.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Sent items\2167250F-0000004A.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Sent items\23AF2C70-00000070.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Sent items\65C400EC-00000049.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Sent items\70654826-0000019F.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.

You are wonderful, now when I restart it the pop-up window does not come up, nothing is noticeably wrong any longer, & it seems a lot faster. Thank you again.
Before we are done I would like to ask you how I can stop Windows Messenger from opening at Windows start-up. I have taken it out of the start-up menu and unchecked it so it will not open, & it seems to re-check itself in start-up automatically; I cannot make it quit opening at start-up. Can you tell me how?
steveacan
Active Member
 
Posts: 10
Joined: August 16th, 2010, 10:13 pm

Re: Virus Malware possible, please help, thank you

Unread postby deltalima » August 29th, 2010, 6:36 am

Hi steveacan,

Threats found: 1


The infections detected by Kaspersky are stored in email attachments in your Hotmail email.

Please check through your emails (and sent items) to see if there are any emails with attachments and delete any attachments that you do not recognise and cannot trust. Next, empty deleted items.

Once this is done then please go – Options – Advanced – Maintenance – Clean up Now within Windows Live Mail.

Next run another Kaspersky scan. This may need to be done several times until the infected email can be eliminated.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure


Remove GMER

Delete the GMER icon from your desktop.


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Virus Malware possible, please help, thank you

Unread postby steveacan » August 30th, 2010, 4:18 am

I have deleted over 5000 emails in every folder thought to have the infected email and ran another scan, and it says there is 1 more infected file with a trojan spyware, but I can't find it. The infected file is

C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Ebay\75031DF2-000000E7.eml

But this file is on the C drive, correct? Not an email? And I thought the computer would find any file on the C drive, but it will not find this one. Can you tell me how to find it by name?
steveacan
Active Member
Posts: 10
Joined: August 16th, 2010, 10:13 pm

Re: Virus Malware possible, please help, thank you

Unread postby deltalima » August 30th, 2010, 5:53 am

Hi steveacan,

the file infected is

C:\Users\steveacan\AppData\Local\Microsoft\Windows Live Mail\Hotmail (St 819\Ebay\75031DF2-000000E7.eml

But this file is on the C drive, correct? Not an email?


Unfortunately, it is both: Windows Live Mail keeps a copy of the email on the local C: drive and also on the mail server, so just deleting the file off C: would leave the infected email on the server.

The only way to remove the infected email is to delete it from within the email application; this will also remove the file from C: (as with the infected emails that you removed above).

It can be difficult to identify the infected email. The only information that I can give you is that it will be in a folder named Ebay.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
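The exchange above turns on one detail: Windows Live Mail stores every message as its own .eml file under the local profile, which is why an antivirus scanner reports a path on C: for what is really a mail item, and why the message must be deleted inside the mail client rather than on disk. Finding the right message among thousands is the hard part. The script below is an added example, not part of the original thread or of any tool mentioned in it. It parses every .eml under a folder and reports each message's Subject, Date and sender together with its attachments (name, declared type, size, SHA-256, and a flag for executable content), so the message the scanner is complaining about can be located and deleted from within Windows Live Mail. The risky-extension shortlist and the default search path are assumptions; the sample message is constructed for the demonstration, not a real captured email.

```python
"""Inventory attachments in Windows Live Mail .eml files (added example).

Usage: python eml_attachments.py [folder]
Defaults to %LOCALAPPDATA%\\Microsoft\\Windows Live Mail on Windows; the
parser itself is portable, so the sample runs on any OS.
"""
import email
import hashlib
import os
import sys
from email import policy
from email.message import EmailMessage

# Assumption: a practical shortlist of attachment types that should never be
# trusted, not an exhaustive one.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                    ".js", ".vbs", ".jar", ".zip", ".rar"}


def describe_attachments(raw: bytes) -> dict:
    """Parse one raw .eml and return headers plus an attachment inventory."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        ext = os.path.splitext(name)[1].lower()
        attachments.append({
            "filename": name,
            "content_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            # Flag by extension or by PE magic ("MZ"), so a renamed
            # executable such as invoice.pdf.exe or a .dat is still caught.
            "risky": ext in RISKY_EXTENSIONS or payload[:2] == b"MZ",
        })
    return {
        "subject": str(msg["subject"] or ""),
        "date": str(msg["date"] or ""),
        "from": str(msg["from"] or ""),
        "attachments": attachments,
    }


def flagged_names(report: dict) -> list:
    """Filenames of attachments the report marked as risky."""
    return [a["filename"] for a in report["attachments"] if a["risky"]]


def scan_directory(root: str) -> list:
    """Walk a mail store and return one report per .eml that has attachments."""
    reports = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(".eml"):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    report = describe_attachments(fh.read())
                if report["attachments"]:
                    report["path"] = path
                    reports.append(report)
    return reports


def build_sample_eml() -> bytes:
    """Constructed sample message: a fake shipping notice carrying a
    double-extension executable and a harmless text file."""
    msg = EmailMessage()
    msg["From"] = "shipping@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your eBay item has shipped"
    msg["Date"] = "Sat, 28 Aug 2010 10:15:00 +0000"
    msg.set_content("Your item is on its way. See the attached invoice.")
    # 64 bytes beginning with the PE "MZ" magic, standing in for a dropper.
    exe_bytes = b"MZ\x90\x00" + b"\x00" * 60
    msg.add_attachment(exe_bytes, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment("Tracking number: 1Z999", filename="tracking.txt")
    return msg.as_bytes()


def sample_report() -> dict:
    """Report for the constructed sample, used by the stand-alone run."""
    return describe_attachments(build_sample_eml())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        root = os.path.join(os.environ.get("LOCALAPPDATA", "."),
                            "Microsoft", "Windows Live Mail")
    reports = scan_directory(root) if os.path.isdir(root) else [sample_report()]
    for r in reports:
        print(f"{r.get('path', '<sample>')}\n  Subject: {r['subject']}\n"
              f"  Date: {r['date']}  From: {r['from']}")
        for a in r["attachments"]:
            mark = "RISKY" if a["risky"] else "     "
            print(f"  {mark} {a['filename']} ({a['content_type']}, "
                  f"{a['size']} bytes) sha256={a['sha256']}")
```

Run it against the account folder the scanner named (here the Ebay folder under the Hotmail account) and match the reported Subject and Date to the message in Windows Live Mail; delete it there, empty Deleted Items, and run the Clean up Now step so the local copy is purged as well. The SHA-256 lets you confirm against the scanner's own report or a hash lookup that you deleted the right attachment.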

Re: Virus Malware possible, please help, thank you

Unread postby NonSuch » August 31st, 2010, 4:42 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California