Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: need help with this plz (win32.tdss.reg)

  1. #1
    Member
    Join Date
    Feb 2008
    Posts
    78

    Default need help with this plz (win32.tdss.reg)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:53:32, on 04/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=2070107
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203731462390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1180963787375
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: McAfee Application Installer Cleanup (0151801245870868) (0151801245870868mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0151801245870868mcinst.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Advanced Networking Service (hnmsvc) - Unknown owner - C:\Program Files\Dell Network Assistant\hnm_svc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
    O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 10862 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi lex200

    Please post next spybot report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Feb 2008
    Posts
    78

    Default not sure if this is the right but here you go

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-20 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi
    2009-06-02 Includes\AdwareC.sbi
    2009-01-22 Includes\Cookies.sbi
    2009-05-19 Includes\Dialer.sbi
    2009-06-02 Includes\DialerC.sbi
    2009-01-22 Includes\HeavyDuty.sbi
    2009-05-26 Includes\Hijackers.sbi
    2009-06-23 Includes\HijackersC.sbi
    2009-06-23 Includes\Keyloggers.sbi
    2009-06-30 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2009-06-30 Includes\Malware.sbi
    2009-06-30 Includes\MalwareC.sbi
    2009-03-25 Includes\PUPS.sbi
    2009-06-30 Includes\PUPSC.sbi
    2009-01-22 Includes\Revision.sbi
    2009-01-13 Includes\Security.sbi
    2009-06-02 Includes\SecurityC.sbi
    2008-06-03 Includes\Spybots.sbi
    2008-06-03 Includes\SpybotsC.sbi
    2009-04-07 Includes\Spyware.sbi
    2009-06-02 Includes\SpywareC.sbi
    2009-06-08 Includes\Tracks.uti
    2009-06-17 Includes\Trojans.sbi
    2009-06-30 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
    / Windows Media Player 10 / SP0: Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB971180)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Security Update for Windows XP (KB929969)
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Hotfix for Windows XP (KB942288-v3)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Hotfix for Windows XP (KB961118)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Security Update for Windows XP (KB961501)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / Windows XP / SP4: Security Update for Windows XP (KB968537)
    / Windows XP / SP4: Security Update for Windows XP (KB969898)
    / Windows XP / SP4: Security Update for Windows XP (KB970238)
    / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, amd_dc_opt
    command: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    file: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    size: 77824
    MD5: EBC0E8C0A4DDA2C32A7D5863462A321A

    Located: HK_LM:Run, IntelliPoint
    command: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    file: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    size: 849280
    MD5: F4E7979D8ADEBEEDEAD33019A5BD52BF

    Located: HK_LM:Run, itype
    command: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    file: C:\Program Files\Microsoft IntelliType Pro\itype.exe
    size: 813912
    MD5: F2E2AAD0EE3E886161A907F473A10B20

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep 0 -k
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, mcagent_exe
    command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 645328
    MD5: 88A8EBA41A7FE46167D10975DC15BC4A

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: stsystra.exe
    file: C:\WINDOWS\stsystra.exe
    size: 282624
    MD5: 289BDC9E5681BD1BE0FB871C460BD254

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, DWQueuedReporting
    where: .DEFAULT...
    command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    size: 435096
    MD5: BCE986B97974DFBB7302C9990F3511A8

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2606577421-1681171435-465083108-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-2606577421-1681171435-465083108-1005...
    command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2606577421-1681171435-465083108-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, NeroHomeFirstStart
    where: S-1-5-21-2606577421-1681171435-465083108-500...
    command: "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
    file: C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    size: 139264
    MD5: 3DBE5B70FCA1F15BE651A5EB02594B84

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, MSMSGS
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1695232
    MD5: 3E930C641079443D4DE036167A69CAA2

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C

    Located: HK_CU:Run, QuickTime Task
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 413696
    MD5: 6CD5C3276C83F72677D647F27EE14ABD

    Located: HK_CU:Run, swg
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, DWQueuedReporting
    where: S-1-5-18...
    command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    size: 435096
    MD5: BCE986B97974DFBB7302C9990F3511A8

    Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
    where: C:\Documents and Settings\Guest\Start Menu\Programs\Startup...
    command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    size: 98696
    MD5: A6D772AA861E673636D48B6EB452ADE3

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name:
    Date (created): 27/02/2009 13:07:26
    Date (last access): 14/03/2009 14:16:32
    Date (last write): 27/02/2009 13:07:26
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: McAfee Phishing Filter
    CLSID name: McAfee Phishing Filter
    Path: c:\PROGRA~1\mcafee\msk\
    Long name: mskapbho.dll
    Short name:
    Date (created): 08/12/2008 03:03:26
    Date (last access): 09/01/2009 09:22:10
    Date (last write): 09/01/2009 09:22:10
    Filesize: 246800
    Attributes: archive
    MD5: 427E479ACD4F1C4A21CD2C7911B07014
    CRC32: E1018A4F
    Version: 10.3.109.0

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 20/03/2009 17:47:04
    Date (last access): 22/03/2009 03:06:54
    Date (last write): 15/09/2008 15:25:44
    Filesize: 1562960
    Attributes: readonly hidden sysfile archive
    MD5: 35F73F1936BDE91F1B6995510A61E7A8
    CRC32: BE6A5D15
    Version: 1.6.2.14

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Groove GFS Browser Helper
    Path: C:\Program Files\Microsoft Office\Office12\
    Long name: GrooveShellExtensions.dll
    Short name:
    Date (created): 12/02/2009 15:19:32
    Date (last access): 16/06/2009 20:21:26
    Date (last write): 12/02/2009 15:19:32
    Filesize: 2217848
    Attributes: archive
    MD5: A6B5A41C0ED007AB6C43CAD899E533D8
    CRC32: BA078F79
    Version: 12.0.6421.1000

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: C:\Program Files\McAfee\VirusScan\
    Long name: scriptsn.dll
    Short name:
    Date (created): 07/06/2008 14:32:34
    Date (last access): 25/03/2009 11:05:56
    Date (last write): 25/03/2009 11:05:56
    Filesize: 62784
    Attributes: archive
    MD5: 20A51E0AA981268CBA3C714A188DA15B
    CRC32: F9AA83AA
    Version: 14.0.0.423

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 17/02/2009 17:11:04
    Date (last access): 13/03/2009 20:35:34
    Date (last write): 17/02/2009 17:11:04
    Filesize: 408440
    Attributes: archive
    MD5: 1A82C1B9BB43385695EFC3A84F6756A2
    CRC32: 75E558CA
    Version: 5.0.818.6

    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: McAfee SiteAdvisor BHO
    Path: c:\PROGRA~1\mcafee\SITEAD~1\
    Long name: McIEPlg.dll
    Short name:
    Date (created): 07/12/2008 03:24:42
    Date (last access): 13/03/2009 20:38:16
    Date (last write): 14/11/2008 13:25:26
    Filesize: 150032
    Attributes: archive
    MD5: 623CA938B77D445B41846447B2F991C8
    CRC32: 13AA1784
    Version: 1.0.2.155

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 27/03/2009 17:27:44
    Date (last access): 27/03/2009 17:27:44
    Date (last write): 27/03/2009 17:27:44
    Filesize: 35840
    Attributes: archive
    MD5: 96A225C7F5346A9E81FC3DFA89A900C0
    CRC32: BAD5D2EF
    Version: 6.0.130.3

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name: JQSIEStartDetectorImpl Class
    Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
    Long name: jqs_plugin.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 73728
    Attributes: archive
    MD5: 53F8B53918C839F76367B7E612B742B1
    CRC32: 735F7F91
    Version: 6.0.130.3



    --- ActiveX list ---
    {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class)
    DPF name:
    CLSID name: Solitaire Showdown Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...n.cab56986.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: SolitaireShowdown.dll
    Short name: SOLITA~1.DLL
    Date (created): 28/02/2007 14:21:04
    Date (last access): 27/02/2009 23:43:18
    Date (last write): 28/02/2007 14:21:04
    Filesize: 142248
    Attributes: archive
    MD5: 93F7304161C8CB7C335F99D9232BD347
    CRC32: 91D38231
    Version: 9.5.6986.1

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
    Codebase: http://www.update.microsoft.com/wind...?1203731462390
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 16/08/2005 05:40:18
    Date (last access): 10/03/2009 23:53:28
    Date (last write): 16/10/2008 15:13:40
    Filesize: 202776
    Attributes: archive
    MD5: 1865594AFE88C27A127FF4CF492734B0
    CRC32: F48FD025
    Version: 7.2.6001.788

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer:
    Codebase: http://update.microsoft.com/microsof...?1180963787375
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 26/05/2005 05:19:32
    Date (last access): 10/03/2009 23:53:10
    Date (last write): 16/10/2008 15:06:48
    Filesize: 208744
    Attributes: archive
    MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
    CRC32: 27FBFA7D
    Version: 7.2.6001.788

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...t.cab56907.cab
    description:
    classification: Legitimate
    known filename: MessengerStatsPAClient.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: MessengerStatsPAClient.dll
    Short name: MESSEN~1.DLL
    Date (created): 22/02/2007 23:41:12
    Date (last access): 27/02/2009 23:43:18
    Date (last write): 22/02/2007 23:41:12
    Filesize: 304544
    Attributes: archive
    MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
    CRC32: 0F12FD23
    Version: 9.5.6907.1

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10b.ocx
    Short name:
    Date (created): 03/02/2009 03:07:18
    Date (last access): 16/06/2009 16:27:00
    Date (last write): 03/02/2009 03:07:18
    Filesize: 3866528
    Attributes: readonly archive
    MD5: 8AFC17155ED5AB60B7C52D7F553D579C
    CRC32: 0FBC13F3
    Version: 10.0.22.87



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 452 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 660 ( 452) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 800 ( 452) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 924 ( 800) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 65DF52F5B8B6E9BBD183505225C37315
    PID: 936 ( 800) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: BF2466B3E18E970D8A976FB95FC1CA85
    PID: 1172 ( 924) C:\WINDOWS\system32\Ati2evxx.exe
    size: 409600
    MD5: C23082B890F21267037CA6111C385FF3
    PID: 1216 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1412 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1456 ( 924) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1492 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1688 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1880 ( 924) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
    PID: 1964 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2004 ( 924) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 144712
    MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
    PID: 2020 ( 924) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 2040 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 240 ( 924) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    size: 258103
    MD5: 0F2CD70A636FCD7362F5DAE96AFDF17F
    PID: 336 ( 924) C:\Program Files\Java\jre6\bin\jqs.exe
    size: 152984
    MD5: 890369AED0DDE1A98F09F7DC239CA2BD
    PID: 392 ( 924) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    size: 206096
    MD5: 02DD571C055A6644E8CF952058D4BA9C
    PID: 476 ( 924) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    size: 797864
    MD5: 5F2E238661F79CC2D0347F0265BF0063
    PID: 348 ( 924) c:\program files\common files\mcafee\mna\mcnasvc.exe
    size: 2482848
    MD5: AA490BFB95998686AF46FDCD8093443B
    PID: 656 ( 924) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    size: 359952
    MD5: 5A8D1ACD2070B8261236D5484AE63721
    PID: 724 ( 924) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    size: 144704
    MD5: 0C53EFC1DD2318A235EC628A41E05312
    PID: 1260 ( 924) C:\Program Files\McAfee\MPF\MPFSrv.exe
    size: 884360
    MD5: DE51C0969EE26777D2D10C5CF70538FA
    PID: 1556 ( 924) C:\Program Files\McAfee\MSK\MskSrver.exe
    size: 26640
    MD5: 9A55CFA5F970BB407C7F639D19578A89
    PID: 1508 ( 924) C:\WINDOWS\system32\HPZipm12.exe
    size: 73728
    MD5: 2D091A99624FB9E7EEF0A86D872EC0C3
    PID: 1708 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1772 ( 924) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    size: 53307
    MD5: CCFDECD6060EA8EB0F8466782A97FF21
    PID: 1840 (1772) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    size: 5203968
    MD5: 95A3BE8657A83652E27280E856A3E7C5
    PID: 2876 ( 924) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 8C515081584A38AA007909CD02020B3D
    PID: 1476 (1456) C:\WINDOWS\system32\wuauclt.exe
    size: 51224
    MD5: E654B78D2F1D791B30D0ED9A8195EC22
    PID: 2748 (1216) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    size: 645328
    MD5: 88A8EBA41A7FE46167D10975DC15BC4A
    PID: 2820 (2604) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 12896823FB95BFB3DC9B46BCAEDC9923
    PID: 520 (2820) C:\WINDOWS\stsystra.exe
    size: 282624
    MD5: 289BDC9E5681BD1BE0FB871C460BD254
    PID: 1148 (2820) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    size: 813912
    MD5: F2E2AAD0EE3E886161A907F473A10B20
    PID: 708 (2820) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    size: 849280
    MD5: F4E7979D8ADEBEEDEAD33019A5BD52BF
    PID: 1728 (2820) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C
    PID: 1616 (2820) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
    PID: 3820 ( 924) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    size: 606736
    MD5: 9C2BA4C40B94D049539AD99235715A9A
    PID: 1340 (2820) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 3304 (1340) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 2060 (2820) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 06/07/2009 21:27:50

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.co.uk/webhp?hl=en
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD RfComm [Bluetooth]
    GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD RfComm [Bluetooth]

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7933F12-CB71-41AC-B5B2-BFF23857323A}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7933F12-CB71-41AC-B5B2-BFF23857323A}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{430ECC8B-1CC9-4793-BA49-0F8139D9BC85}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{430ECC8B-1CC9-4793-BA49-0F8139D9BC85}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F93F3702-4998-4712-B382-D9F208B21225}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F93F3702-4998-4712-B382-D9F208B21225}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4660E909-49F3-45D2-A12D-999DC7E340EB}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4660E909-49F3-45D2-A12D-999DC7E340EB}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C4BC2B4-6CBC-4E47-AF10-3ABFC2B34194}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C4BC2B4-6CBC-4E47-AF10-3ABFC2B34194}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CCF58095-1582-49DD-9007-B09A9FF8ABF0}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CCF58095-1582-49DD-9007-B09A9FF8ABF0}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{718FDF74-7835-4848-B3B2-7CFEB8BB3818}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{718FDF74-7835-4848-B3B2-7CFEB8BB3818}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA6A5AFF-F8CD-4486-B169-C8CCC9CB55E5}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA6A5AFF-F8CD-4486-B169-C8CCC9CB55E5}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: Bluetooth Namespace
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

    Namespace Provider 4: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  4. #4
    Member
    Join Date
    Feb 2008
    Posts
    78

    Default this is a fresh report

    --- Search result list ---
    Win32.TDSS.reg: [SBI $48FC2A86] System Service (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-20 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-06-02 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-06-02 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-06-23 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-06-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-06-30 Includes\Malware.sbi (*)
    2009-06-30 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-06-30 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-06-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-06-17 Includes\Trojans.sbi (*)
    2009-06-30 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
    / Windows Media Player 10 / SP0: Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB971180)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Security Update for Windows XP (KB929969)
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Hotfix for Windows XP (KB942288-v3)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Hotfix for Windows XP (KB961118)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Security Update for Windows XP (KB961501)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / Windows XP / SP4: Security Update for Windows XP (KB968537)
    / Windows XP / SP4: Security Update for Windows XP (KB969898)
    / Windows XP / SP4: Security Update for Windows XP (KB970238)
    / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, amd_dc_opt
    command: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    file: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    size: 77824
    MD5: EBC0E8C0A4DDA2C32A7D5863462A321A

    Located: HK_LM:Run, IntelliPoint
    command: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    file: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    size: 849280
    MD5: F4E7979D8ADEBEEDEAD33019A5BD52BF

    Located: HK_LM:Run, itype
    command: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    file: C:\Program Files\Microsoft IntelliType Pro\itype.exe
    size: 813912
    MD5: F2E2AAD0EE3E886161A907F473A10B20

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep 0 -k
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, mcagent_exe
    command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 645328
    MD5: 88A8EBA41A7FE46167D10975DC15BC4A

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: stsystra.exe
    file: C:\WINDOWS\stsystra.exe
    size: 282624
    MD5: 289BDC9E5681BD1BE0FB871C460BD254

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, DWQueuedReporting
    where: .DEFAULT...
    command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    size: 435096
    MD5: BCE986B97974DFBB7302C9990F3511A8

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2606577421-1681171435-465083108-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-2606577421-1681171435-465083108-1005...
    command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2606577421-1681171435-465083108-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, NeroHomeFirstStart
    where: S-1-5-21-2606577421-1681171435-465083108-500...
    command: "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
    file: C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    size: 139264
    MD5: 3DBE5B70FCA1F15BE651A5EB02594B84

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, MSMSGS
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1695232
    MD5: 3E930C641079443D4DE036167A69CAA2

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C

    Located: HK_CU:Run, QuickTime Task
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 413696
    MD5: 6CD5C3276C83F72677D647F27EE14ABD

    Located: HK_CU:Run, swg
    where: S-1-5-21-2606577421-1681171435-465083108-501...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, DWQueuedReporting
    where: S-1-5-18...
    command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    size: 435096
    MD5: BCE986B97974DFBB7302C9990F3511A8

    Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
    where: C:\Documents and Settings\Guest\Start Menu\Programs\Startup...
    command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    size: 98696
    MD5: A6D772AA861E673636D48B6EB452ADE3

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name:
    Date (created): 27/02/2009 13:07:26
    Date (last access): 14/03/2009 14:16:32
    Date (last write): 27/02/2009 13:07:26
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: McAfee Phishing Filter
    CLSID name: McAfee Phishing Filter
    Path: c:\PROGRA~1\mcafee\msk\
    Long name: mskapbho.dll
    Short name:
    Date (created): 08/12/2008 03:03:26
    Date (last access): 09/01/2009 09:22:10
    Date (last write): 09/01/2009 09:22:10
    Filesize: 246800
    Attributes: archive
    MD5: 427E479ACD4F1C4A21CD2C7911B07014
    CRC32: E1018A4F
    Version: 10.3.109.0

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 20/03/2009 17:47:04
    Date (last access): 22/03/2009 03:06:54
    Date (last write): 15/09/2008 15:25:44
    Filesize: 1562960
    Attributes: readonly hidden sysfile archive
    MD5: 35F73F1936BDE91F1B6995510A61E7A8
    CRC32: BE6A5D15
    Version: 1.6.2.14

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Groove GFS Browser Helper
    Path: C:\Program Files\Microsoft Office\Office12\
    Long name: GrooveShellExtensions.dll
    Short name:
    Date (created): 12/02/2009 15:19:32
    Date (last access): 16/06/2009 20:21:26
    Date (last write): 12/02/2009 15:19:32
    Filesize: 2217848
    Attributes: archive
    MD5: A6B5A41C0ED007AB6C43CAD899E533D8
    CRC32: BA078F79
    Version: 12.0.6421.1000

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: C:\Program Files\McAfee\VirusScan\
    Long name: scriptsn.dll
    Short name:
    Date (created): 07/06/2008 14:32:34
    Date (last access): 25/03/2009 11:05:56
    Date (last write): 25/03/2009 11:05:56
    Filesize: 62784
    Attributes: archive
    MD5: 20A51E0AA981268CBA3C714A188DA15B
    CRC32: F9AA83AA
    Version: 14.0.0.423

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 17/02/2009 17:11:04
    Date (last access): 13/03/2009 20:35:34
    Date (last write): 17/02/2009 17:11:04
    Filesize: 408440
    Attributes: archive
    MD5: 1A82C1B9BB43385695EFC3A84F6756A2
    CRC32: 75E558CA
    Version: 5.0.818.6

    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: McAfee SiteAdvisor BHO
    Path: c:\PROGRA~1\mcafee\SITEAD~1\
    Long name: McIEPlg.dll
    Short name:
    Date (created): 07/12/2008 03:24:42
    Date (last access): 13/03/2009 20:38:16
    Date (last write): 14/11/2008 13:25:26
    Filesize: 150032
    Attributes: archive
    MD5: 623CA938B77D445B41846447B2F991C8
    CRC32: 13AA1784
    Version: 1.0.2.155

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 27/03/2009 17:27:44
    Date (last access): 27/03/2009 17:27:44
    Date (last write): 27/03/2009 17:27:44
    Filesize: 35840
    Attributes: archive
    MD5: 96A225C7F5346A9E81FC3DFA89A900C0
    CRC32: BAD5D2EF
    Version: 6.0.130.3

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name: JQSIEStartDetectorImpl Class
    Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
    Long name: jqs_plugin.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 73728
    Attributes: archive
    MD5: 53F8B53918C839F76367B7E612B742B1
    CRC32: 735F7F91
    Version: 6.0.130.3



    --- ActiveX list ---
    {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class)
    DPF name:
    CLSID name: Solitaire Showdown Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...n.cab56986.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: SolitaireShowdown.dll
    Short name: SOLITA~1.DLL
    Date (created): 28/02/2007 14:21:04
    Date (last access): 27/02/2009 23:43:18
    Date (last write): 28/02/2007 14:21:04
    Filesize: 142248
    Attributes: archive
    MD5: 93F7304161C8CB7C335F99D9232BD347
    CRC32: 91D38231
    Version: 9.5.6986.1

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
    Codebase: http://www.update.microsoft.com/wind...?1203731462390
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 16/08/2005 05:40:18
    Date (last access): 10/03/2009 23:53:28
    Date (last write): 16/10/2008 15:13:40
    Filesize: 202776
    Attributes: archive
    MD5: 1865594AFE88C27A127FF4CF492734B0
    CRC32: F48FD025
    Version: 7.2.6001.788

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer:
    Codebase: http://update.microsoft.com/microsof...?1180963787375
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 26/05/2005 05:19:32
    Date (last access): 10/03/2009 23:53:10
    Date (last write): 16/10/2008 15:06:48
    Filesize: 208744
    Attributes: archive
    MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
    CRC32: 27FBFA7D
    Version: 7.2.6001.788

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...t.cab56907.cab
    description:
    classification: Legitimate
    known filename: MessengerStatsPAClient.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: MessengerStatsPAClient.dll
    Short name: MESSEN~1.DLL
    Date (created): 22/02/2007 23:41:12
    Date (last access): 27/02/2009 23:43:18
    Date (last write): 22/02/2007 23:41:12
    Filesize: 304544
    Attributes: archive
    MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
    CRC32: 0F12FD23
    Version: 9.5.6907.1

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 27/03/2009 17:27:46
    Date (last access): 27/03/2009 17:27:46
    Date (last write): 27/03/2009 17:27:46
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10b.ocx
    Short name:
    Date (created): 03/02/2009 03:07:18
    Date (last access): 16/06/2009 16:27:00
    Date (last write): 03/02/2009 03:07:18
    Filesize: 3866528
    Attributes: readonly archive
    MD5: 8AFC17155ED5AB60B7C52D7F553D579C
    CRC32: 0FBC13F3
    Version: 10.0.22.87



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 452 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 660 ( 452) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 800 ( 452) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 924 ( 800) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 65DF52F5B8B6E9BBD183505225C37315
    PID: 936 ( 800) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: BF2466B3E18E970D8A976FB95FC1CA85
    PID: 1172 ( 924) C:\WINDOWS\system32\Ati2evxx.exe
    size: 409600
    MD5: C23082B890F21267037CA6111C385FF3
    PID: 1216 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1412 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1456 ( 924) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1492 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1688 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1880 ( 924) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
    PID: 1964 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2004 ( 924) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 144712
    MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
    PID: 2020 ( 924) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 2040 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 240 ( 924) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    size: 258103
    MD5: 0F2CD70A636FCD7362F5DAE96AFDF17F
    PID: 336 ( 924) C:\Program Files\Java\jre6\bin\jqs.exe
    size: 152984
    MD5: 890369AED0DDE1A98F09F7DC239CA2BD
    PID: 392 ( 924) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    size: 206096
    MD5: 02DD571C055A6644E8CF952058D4BA9C
    PID: 476 ( 924) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    size: 797864
    MD5: 5F2E238661F79CC2D0347F0265BF0063
    PID: 348 ( 924) c:\program files\common files\mcafee\mna\mcnasvc.exe
    size: 2482848
    MD5: AA490BFB95998686AF46FDCD8093443B
    PID: 656 ( 924) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    size: 359952
    MD5: 5A8D1ACD2070B8261236D5484AE63721
    PID: 724 ( 924) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    size: 144704
    MD5: 0C53EFC1DD2318A235EC628A41E05312
    PID: 1260 ( 924) C:\Program Files\McAfee\MPF\MPFSrv.exe
    size: 884360
    MD5: DE51C0969EE26777D2D10C5CF70538FA
    PID: 1556 ( 924) C:\Program Files\McAfee\MSK\MskSrver.exe
    size: 26640
    MD5: 9A55CFA5F970BB407C7F639D19578A89
    PID: 1508 ( 924) C:\WINDOWS\system32\HPZipm12.exe
    size: 73728
    MD5: 2D091A99624FB9E7EEF0A86D872EC0C3
    PID: 1708 ( 924) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1772 ( 924) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    size: 53307
    MD5: CCFDECD6060EA8EB0F8466782A97FF21
    PID: 1840 (1772) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    size: 5203968
    MD5: 95A3BE8657A83652E27280E856A3E7C5
    PID: 2876 ( 924) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 8C515081584A38AA007909CD02020B3D
    PID: 2748 (1216) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    size: 645328
    MD5: 88A8EBA41A7FE46167D10975DC15BC4A
    PID: 2820 (2604) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 12896823FB95BFB3DC9B46BCAEDC9923
    PID: 520 (2820) C:\WINDOWS\stsystra.exe
    size: 282624
    MD5: 289BDC9E5681BD1BE0FB871C460BD254
    PID: 1148 (2820) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    size: 813912
    MD5: F2E2AAD0EE3E886161A907F473A10B20
    PID: 708 (2820) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    size: 849280
    MD5: F4E7979D8ADEBEEDEAD33019A5BD52BF
    PID: 1728 (2820) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C
    PID: 1616 (2820) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
    PID: 3820 ( 924) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    size: 606736
    MD5: 9C2BA4C40B94D049539AD99235715A9A
    PID: 1340 (2820) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 2060 (2820) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System
    PID: 3780 (1340) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 06/07/2009 22:02:15

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.co.uk/webhp?hl=en
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD RfComm [Bluetooth]
    GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD RfComm [Bluetooth]

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7933F12-CB71-41AC-B5B2-BFF23857323A}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7933F12-CB71-41AC-B5B2-BFF23857323A}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{430ECC8B-1CC9-4793-BA49-0F8139D9BC85}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{430ECC8B-1CC9-4793-BA49-0F8139D9BC85}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F93F3702-4998-4712-B382-D9F208B21225}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F93F3702-4998-4712-B382-D9F208B21225}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4660E909-49F3-45D2-A12D-999DC7E340EB}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4660E909-49F3-45D2-A12D-999DC7E340EB}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C4BC2B4-6CBC-4E47-AF10-3ABFC2B34194}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C4BC2B4-6CBC-4E47-AF10-3ABFC2B34194}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CCF58095-1582-49DD-9007-B09A9FF8ABF0}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CCF58095-1582-49DD-9007-B09A9FF8ABF0}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{718FDF74-7835-4848-B3B2-7CFEB8BB3818}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{718FDF74-7835-4848-B3B2-7CFEB8BB3818}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA6A5AFF-F8CD-4486-B169-C8CCC9CB55E5}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA6A5AFF-F8CD-4486-B169-C8CCC9CB55E5}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: Bluetooth Namespace
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

    Namespace Provider 4: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    That looks clean to me.

    Does it find something upon rescan?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Member
    Join Date
    Feb 2008
    Posts
    78

    Default win32tdss.reg

    Computer is running fine no problems but I scanned it with spybot and it found win32.tdss.reg fix the problem only to find that it was there on the next scan and every 1 since cant get rid of it. i also scanned it with mcafee and Malware bytes' Anti-Malware but both came up clean. i will attach a fresh hjt log.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:36:01, on 08/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=2070107
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203731462390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1180963787375
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: McAfee Application Installer Cleanup (0151801245870868) (0151801245870868mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0151801245870868mcinst.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Advanced Networking Service (hnmsvc) - Unknown owner - C:\Program Files\Dell Network Assistant\hnm_svc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
    O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 10740 bytes

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Download gmer.zip and save to your desktop.
    alternate download site
    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on the "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE"

    Important! Please do not select the "Show all" checkbox during the scan..
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Member
    Join Date
    Feb 2008
    Posts
    78

    Default part 1 of 2

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-09 07:33:11
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA8BC54EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA8BC5581]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA8BC5498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA8BC54AC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA8BC5595]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA8BC55C1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA8BC562F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA8BC5619]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA8BC552A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA8BC565B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA8BC556D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA8BC5470]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA8BC5484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA8BC54FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA8BC5697]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA8BC5603]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA8BC55ED]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA8BC55AB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA8BC5683]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA8BC566F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA8BC54D6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA8BC54C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA8BC55D7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA8BC5559]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA8BC5645]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA8BC5540]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA8BC5514]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A8BC5518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[668] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[668] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00060079
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00060068
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0006004D
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00060032
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00060FA1
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00060F4C
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00060094
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000600E5
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000600C0
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000600F6
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00060F90
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00060FDE
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00060F69
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00060FB2
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00060FC3
    .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000600AF
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0005001B
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00050058
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00050FCA
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00050000
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00050047
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00050FE5
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00050036
    .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00050FAF
    .text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00040064
    .text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 00040049
    .text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0004001D
    .text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00040038
    .text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00040000
    .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0003000A
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00060056
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00060F61
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0006002F
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00060F7C
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00060FA8
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00060F30
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00060078
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000600AB
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0006009A
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000600C6
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00060F97
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00060067
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00060FCD
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00060FDE
    .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00060089
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00050FB9
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00050F57
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0005000A
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00050FDE
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00050F68
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00050F79
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [25, 88]
    .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00050F94
    .text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00040F8D
    .text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00040FA8
    .text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00040011
    .text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00040022
    .text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00040000
    .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0003000A
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A0FEF
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009A0096
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009A0071
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009A0F97
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009A0FA8
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009A0FCD
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009A00C4
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009A00A7
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A0F57
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A00E6
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009A010B
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009A0054
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A0FDE
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009A0F86
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009A002F
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009A001E
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009A00D5
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0099002F
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0099008A
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00990FD4
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0099000A
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00990065
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00990FEF
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00990FC3
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B9, 88]
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00990040
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0098004C
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00980031
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00980FD2
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00980000
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00980FB7
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00980FE3
    .text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00970FEF
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B60FEF
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B60F8A
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B6007F
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60F9B
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60058
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B60047
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B600AB
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B60F63
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B600E1
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B600C6
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B600FC
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B60FC0
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B6009A
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B60036
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B60025
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B60F3E
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B50040
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B50FAF
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B50FE5
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B50011
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B50FCA
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B5006C
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B5005B
    .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B40FB9
    .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B40FD4
    .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B40029
    .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B40FEF
    .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B40044
    .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B4000C
    .text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B30FEF
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03730000
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03730F4B
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03730F5C
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03730F6D
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03730F8A
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03730FCA
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03730076
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03730F2E
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 037300A5
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03730F0C
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03730EF1
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03730FAF
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03730011
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03730065
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0373002C
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03730FDB
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03730F1D
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03720047
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03720FAC
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0372002C
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0372001B
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03720069
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03720000
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03720FD1
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [92, 8B]
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03720058
    .text C:\WINDOWS\System32\svchost.exe[1456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0371002E
    .text C:\WINDOWS\System32\svchost.exe[1456] msvcrt.dll!system 77C293C7 5 Bytes JMP 0371001D
    .text C:\WINDOWS\System32\svchost.exe[1456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03710FD2
    .text C:\WINDOWS\System32\svchost.exe[1456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03710000
    .text C:\WINDOWS\System32\svchost.exe[1456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03710FAD
    .text C:\WINDOWS\System32\svchost.exe[1456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03710FE3
    .text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03700FE5
    .text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 02CC0FEF
    .text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenW 3D95DB39 5 Bytes JMP 02CC0000
    .text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 02CC0FCA
    .text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlW 3D9A6DD7 5 Bytes JMP 02CC001B
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00290F57
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00290056
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00290F7C
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00290039
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00290FA1
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00290F29
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00290F46
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00290EF3
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00290F0E
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002900A7
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00290028
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00290FDE
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00290067
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00290FB2
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00290FC3
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00290082
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00280025
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00280F72
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00280FD4
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00280000
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00280F8D
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00280FEF
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00280FA8
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [48, 88]
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00280FB9
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00270FC5
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00270050
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0027002E
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00270000
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0027003F
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0027001D
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008E0000
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008E0095
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008E007A
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008E0069
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008E004E
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008E0033
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008E00B2
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008E0F6A
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E00DE
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E0F45
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008E00F9
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008E0FAC
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008E0FE5
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008E0F7B
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008E0022
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008E0011
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008E00C3
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008D0FB9
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008D0F8D
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExA

  9. #9
    Member
    Join Date
    Feb 2008
    Posts
    78

    Default part 2 of 2

    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008D000A
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008D0040
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008D0F9E
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AD, 88]
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008D0025
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0081
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0070
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0044
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0000
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0055
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0029
    .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008B0000
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A60000
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A60090
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A60F9B
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A60069
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A60058
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A6003D
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A600BE
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A600A1
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A60F25
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A60F40
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A60F14
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A60FB6
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A6001B
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A60F76
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A60FD1
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A6002C
    .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A60F51
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A5001B
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50051
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A50000
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A50FCA
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A50F94
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A50FEF
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A50FA5
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C5, 88]
    .text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A5002C
    .text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A40F9C
    .text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A40FAD
    .text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A40FE3
    .text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A4000C
    .text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A40FC8
    .text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A4001D
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A70FEF
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A70F61
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A70056
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A70045
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A70F7C
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A70FBC
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A70F29
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A70071
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A700C2
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A700B1
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A700DD
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A70F97
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A70014
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A70F46
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A70FCD
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A70FDE
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A70096
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00810FC0
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00810051
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00810FDB
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00810011
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00810040
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00810000
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00810F9E
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A1, 88]
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00810FAF
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00800FA8
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!system 77C293C7 5 Bytes JMP 0080003D
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00800FCD
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00800000
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00800022
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00800011
    .text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 007E000A
    .text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!InternetOpenW 3D95DB39 5 Bytes JMP 007E0FEF
    .text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 007E0025
    .text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!InternetOpenUrlW 3D9A6DD7 5 Bytes JMP 007E0036
    .text C:\WINDOWS\system32\svchost.exe[1948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007F0000
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002A000A
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002A0076
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002A0F77
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002A0F88
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002A0FAF
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002A0047
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002A00A4
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002A0093
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002A00B5
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002A0F26
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002A00D0
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002A0FC0
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002A001B
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002A0F5C
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002A0036
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002A0F41
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029001B
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F9B
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FCA
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290000
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290058
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0029003D
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029002C
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00280FA1
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!system 77C293C7 5 Bytes JMP 00280FB2
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00280011
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280000
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0028002C
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FD7
    .text C:\WINDOWS\system32\svchost.exe[2024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00270000
    .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0144ED60 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll
    .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2448] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00190FE5
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0019004A
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00190F55
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00190F72
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0019002F
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00190F9E
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00190F30
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0019006C
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00190F15
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001900AE
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001900C9
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00190F83
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00190FD4
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0019005B
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0019000A
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00190FB9
    .text C:\WINDOWS\Explorer.EXE[3880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00190093
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0028002F
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00280080
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00280FDE
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0028000A
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00280065
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00280FEF
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00280054
    .text C:\WINDOWS\Explorer.EXE[3880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00280FC3
    .text C:\WINDOWS\Explorer.EXE[3880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F9A
    .text C:\WINDOWS\Explorer.EXE[3880] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FAB
    .text C:\WINDOWS\Explorer.EXE[3880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FCD
    .text C:\WINDOWS\Explorer.EXE[3880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290000
    .text C:\WINDOWS\Explorer.EXE[3880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FBC
    .text C:\WINDOWS\Explorer.EXE[3880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290011
    .text C:\WINDOWS\Explorer.EXE[3880] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 002B0000
    .text C:\WINDOWS\Explorer.EXE[3880] WININET.dll!InternetOpenW 3D95DB39 5 Bytes JMP 002B001B
    .text C:\WINDOWS\Explorer.EXE[3880] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 002B002C
    .text C:\WINDOWS\Explorer.EXE[3880] WININET.dll!InternetOpenUrlW 3D9A6DD7 1 Byte [E9]
    .text C:\WINDOWS\Explorer.EXE[3880] WININET.dll!InternetOpenUrlW 3D9A6DD7 5 Bytes JMP 002B0FDB
    .text C:\WINDOWS\Explorer.EXE[3880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01C30000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016383a89f2
    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016383a89f2@0016b89a1eac 0xC5 0x25 0xB4 0x29 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016383a89f2@00162036fc10 0x25 0xEB 0xE5 0x04 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxboultoyxyenxjmsfyxjbaomydcnmpapm.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk@imagepath \systemroot\system32\drivers\ovfsthodymrdttptqqcyopdncraawolnojpkfp.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk@inst 0
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@ver icv310309
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@cid 01
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@bid 2021506057-2606577421-1681171435-465083108
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@aid 303431
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@sid 64
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@feed 0x22 0x64 0x78 0x36 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main@cmddelay 14401
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\delete
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\ff
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{FAFC72D4-EC82-4882-8FCD-6FF8A40CD6B5}
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\ff@version 1
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\injector
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\injector@iexplore.exe ovfsthwi.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\injector@explorer.exe ovfsthff.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\main\tasks
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules@ovfsth.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules@ovfsth.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules@ovfsthlog.dat \systemroot\system32\ovfsthmcdjkfavgutndvntknythwsyiowjmbir.dat
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules@ovfsthwi.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules@ovfsthff.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthucvirudxlxhhxgdlktdcugqsbbnquevk\modules@ovfsth.dat \systemroot\system32\ovfsthrtftbnoctcedyrtjrfvvbymlghbtqenc.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016383a89f2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016383a89f2@0016b89a1eac 0xC5 0x25 0xB4 0x29 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016383a89f2@00162036fc10 0x25 0xEB 0xE5 0x04 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016383a89f2
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016383a89f2@0016b89a1eac 0xC5 0x25 0xB4 0x29 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016383a89f2@00162036fc10 0x25 0xEB 0xE5 0x04 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{419CBC81-6C63-B8F0-9287-CBCA5B9F7FA6}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{419CBC81-6C63-B8F0-9287-CBCA5B9F7FA6}@ablgadpineiaodmckkdgdmmnbofcogdiak 0x61 0x61 0x00 0x00
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{419CBC81-6C63-B8F0-9287-CBCA5B9F7FA6}@bblgadpineiaodmckkcgcmemjapgggmojdko 0x61 0x61 0x00 0x00

    ---- EOF - GMER 1.0.15 ----

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •