TechSpot

Backdoor.bot will not go away!

By navygin21
Sep 12, 2011
  1. McAfee does not find it but MBAM does and Spybot does. Both programs will remove it but it always comes back once I restart the computer. I have even tried in safe mode. Here are the required logs, hope I didn't forget anything. Could someone please take a look for me? Thanks!

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7694

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19088

    9/12/2011 09:07:02 PM
    mbam-log-2011-09-12 (21-07-02).txt

    Scan type: Quick scan
    Objects scanned: 240965
    Time elapsed: 7 minute(s), 29 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    c:\Windows\system\svchost.exe (Backdoor.Bot) -> 4428 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_21
    Run by Family at 20:11:05 on 2011-09-12
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.1817 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\java.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k termlfsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\Windows\diskperfm.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Family\Desktop\Scanners\gmer.exe
    C:\Windows\system\svchost.exe -k NetworkService
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110621044448.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{85F265C6-2F78-422F-BF1C-9D481E980FD1} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{EF51299E-9794-4ACC-ADAD-F679B68B1152} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{F6422208-BDC8-4E91-8A42-02DC8310A15B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\3tn0abw9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
    FF - prefs.js: browser.search.selectedEngine - My Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm035U8us&ptb=FOtrFlRDXdA01XSwmP2Gog&ind=2011082700&ptnrS=ZJxdm035U8us&si=51633&n=77deafcc&psa=&st=kwd&searchfor=
    FF - component: c:\program files\firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\firefox\plugins\npRLCT4Player.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\family\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\3tn0abw9.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
    FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\3tn0abw9.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\family\appdata\roaming\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 459728]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-14 64648]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-14 163400]
    R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-8-14 54776]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-14 165000]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-14 159832]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-14 148520]
    R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termlfsvc [2008-1-20 21504]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-14 57432]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-5 179248]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-14 337912]
    R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\drivers\OA002Afx.sys [2007-6-8 148056]
    R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\drivers\OA002Ufd.sys [2008-6-3 144672]
    R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\drivers\OA002Vid.sys [2008-7-31 268672]
    R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-1-12 31616]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-22 41272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
    S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
    S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2010-7-31 836384]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-3-21 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-3-21 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-5 59288]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-14 85984]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-5 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-5 40552]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-09-12 23:41:15 7680 ----a-w- c:\windows\system\svchost.exe
    2011-09-12 22:57:33 -------- d-----w- c:\users\family\appdata\local\temp
    2011-09-12 22:45:49 -------- d-----w- C:\$RECYCLE.BIN
    2011-09-12 22:29:47 -------- d-----w- C:\ComboFix
    2011-09-12 21:31:45 -------- d-----w- c:\users\family\appdata\local\Adobe
    2011-09-11 05:05:39 -------- d-----w- c:\program files\CCleaner
    2011-09-11 02:39:19 691 ----a-w- c:\users\family\appdata\roaming\GetValue.vbs
    2011-09-11 02:39:19 35 ----a-w- c:\users\family\appdata\roaming\SetValue.bat
    2011-08-30 00:43:07 218624 ----a-w- c:\windows\system32\tercdw32.dll
    2011-08-29 22:47:46 -------- d-----w- c:\program files\RegSupreme Pro
    2011-08-27 21:22:29 -------- d--h--w- c:\programdata\Common Files
    2011-08-27 21:17:58 -------- d-----w- c:\program files\AVG
    2011-08-27 21:17:43 -------- d-----w- c:\programdata\avg9
    2011-08-27 04:31:27 -------- d-----w- c:\users\family\appdata\roaming\Tific
    2011-08-27 04:31:27 -------- d-----w- c:\users\family\appdata\local\Tific
    .
    ==================== Find3M ====================
    .
    2011-08-11 11:07:08 2562 ----a-w- c:\windows\memsetk.dll
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
    2006-05-31 14:14:50 108056 ----a-w- c:\program files\common files\secman.dll
    2006-03-12 00:09:30 626176 ----a-w- c:\program files\common files\osmax.ocx
    .
    ============= FINISH: 20:12:54.73 ===============


    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/5/2009 06:10:53 AM
    System Uptime: 9/12/2011 07:35:47 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0TP406
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU | 2327/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 255.88 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.518 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 1863 GiB total, 1311.805 GiB free.
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    5 Card Slingo Deluxe
    AAC Decoder
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    aiofw
    aioprnt
    aioscnnr
    ALZip
    Any DVD Cloner Platinum 1.0.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AutoUpdate
    AVI to DVD Converter
    Banctec Service Agreement
    Bonjour
    Brother MFL-Pro Suite
    Browser Address Error Redirector
    C4USelfUpdater
    CCleaner
    center
    CEP (Color Enable Package) v.9.0 (beta)
    Choice Guard
    Command & Conquer 3
    Compatibility Pack for the 2007 Office system
    Dell DataSafe Online
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Resource CD
    Dell Support Center (Support Software)
    Dell Webcam Center
    Dell Webcam Central
    Dell Webcam Manager
    DirectXInstallService
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    EASEUS Partition Master 7.1.1 Home Edition
    EDocs
    Facebook Plug-In
    Free Realms
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Super SpongeBob Collapse!
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Earth
    Google Update Helper
    H.264 Decoder
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections 12.1.12.4
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    KODAK AiO Home Center
    ksDIP
    Linksys EasyLink Advisor
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee Online Backup
    McAfee Total Protection
    McAfee Virtual Technician
    Memeo Instant Backup
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MKV Splitter
    Monitor Webcam Driver (1.01.02.0804)
    Move Media Player
    Mozilla Firefox (3.6.20)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music, Photos & Videos Launcher
    OGA Notifier 2.0.0048.0
    PeerBlock 1.0+ (r404)
    PreReq
    Product Documentation Launcher
    Pure Networks Platform
    QuickTime
    RegSupreme
    RegSupreme Pro
    Roxio Activation Module
    Roxio CinePlayer Decoder Pack
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Premier
    Roxio Creator Premier 10
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio Update Manager
    Seagate Dashboard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.3
    Slingo Deluxe
    Snail Mail
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Switch Sound File Converter
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 University
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Double Deluxe
    The Sims™ 2 FreeTime
    The Sims™ 2 Seasons
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    VC80CRTRedist - 8.0.50727.762
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    VoiceOver Kit
    WBFS Manager 3.0
    WebEx Support Manager for Internet Explorer
    Winamp
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    XPS MiniView Gadget
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 07:02:53 AM, Error: EventLog [6008] - The previous system shutdown at 6:06:53 AM on 9/9/2011 was unexpected.
    9/9/2011 06:01:14 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:07 PM on 9/8/2011 was unexpected.
    9/9/2011 04:59:24 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
    9/9/2011 04:51:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    9/9/2011 04:50:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    9/9/2011 04:49:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter spldr Wanarpv6
    9/9/2011 04:48:34 PM, Error: EventLog [6008] - The previous system shutdown at 4:47:05 PM on 9/9/2011 was unexpected.
    9/9/2011 02:59:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    9/7/2011 07:37:08 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
    9/7/2011 06:56:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001EE5202071 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    9/7/2011 06:56:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0022191F8369 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    9/7/2011 02:45:57 PM, Error: EventLog [6008] - The previous system shutdown at 2:23:37 PM on 9/7/2011 was unexpected.
    9/6/2011 08:31:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    9/6/2011 08:28:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC mfehidk mfenlfk mfewfpk MOBKFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/6/2011 08:28:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/6/2011 08:27:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/6/2011 08:27:14 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:44 PM on 9/6/2011 was unexpected.
    9/6/2011 07:42:28 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    9/6/2011 06:32:00 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Kodak with shared resource name Kodak. Error 2114. The printer cannot be used by others on the network.
    9/6/2011 06:32:00 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer KODAK ESP 5200 Series AiO with shared resource name KODAK ESP 5200 Series AiO. Error 2114. The printer cannot be used by others on the network.
    9/6/2011 06:09:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:51:03 AM on 9/6/2011 was unexpected.
    9/6/2011 02:35:45 PM, Error: EventLog [6008] - The previous system shutdown at 9:35:22 AM on 9/6/2011 was unexpected.
    9/5/2011 12:52:25 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
    9/5/2011 12:51:35 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:15 PM on 9/4/2011 was unexpected.
    9/12/2011 06:32:44 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/12/2011 06:32:42 PM, Error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
    9/11/2011 01:15:19 AM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
    9/10/2011 11:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 11:04:30 PM on 9/10/2011 was unexpected.
    9/10/2011 09:50:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    9/10/2011 09:50:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
    .
    ==== End Of File ===========================


    Will post GMER in a second message.
     
  2. navygin21

    navygin21 TS Rookie Topic Starter

    GMER log part 1

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-12 21:06:08
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0
    Running: gmer.exe; Driver: C:\Users\Family\AppData\Local\Temp\kxdyrfob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B757D48]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B757D72]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B757D5E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B757D34]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 82A741A0 5 Bytes JMP 8B757D38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 82C302F0 5 Bytes JMP 8B757D76 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 82C71AFE 7 Bytes JMP 8B757D4C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82C72155 5 Bytes JMP 8B757D62 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? System32\drivers\hpjm.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FE0A000, 0x1F8A4C, 0xE8000020]
    init C:\Windows\system32\Drivers\OA002Afx.sys entry point in "init" section [0x82624310]
    PAGE spsys.sys!?SPVersion@@3PADA + 1A67 8268E03F 240 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B58 8268E130 6 Bytes [0E, 83, 78, 14, 01, 75]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 8268E137 2214 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
    PAGE spsys.sys!?SPVersion@@3PADA + 2406 8268E9DE 47 Bytes [04, BB, A8, 01, 00, 00, 8D, ...]
    PAGE spsys.sys!?SPVersion@@3PADA + 2436 8268EA0E 44 Bytes [05, 00, 00, 39, 54, 8D, D0, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\services.exe[752] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 00140000
    .text C:\Windows\system32\services.exe[752] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 00140FC0
    .text C:\Windows\system32\services.exe[752] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 00140FE5
    .text C:\Windows\system32\services.exe[752] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00130F5E
    .text C:\Windows\system32\services.exe[752] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00130F6F
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00130F2B
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00130F3C
    .text C:\Windows\system32\services.exe[752] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00130F94
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00130FD4
    .text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 00130062
    .text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 00130FA5
    .text C:\Windows\system32\services.exe[752] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 00130089
    .text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 00130051
    .text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 00130036
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 001300A4
    .text C:\Windows\system32\services.exe[752] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 00130F10
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 00130FEF
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 00130000
    .text C:\Windows\system32\services.exe[752] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 00130025
    .text C:\Windows\system32\services.exe[752] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 00130F4D
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 00150FA8
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 00150FB9
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 00150FEF
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 0015004A
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 0015005B
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 0015000A
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 00150FD4
    .text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 00150025
    .text C:\Windows\system32\services.exe[752] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 00160FAD
    .text C:\Windows\system32\services.exe[752] msvcrt.dll!system 76E98B63 5 Bytes JMP 00160FBE
    .text C:\Windows\system32\services.exe[752] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 00160FD9
    .text C:\Windows\system32\services.exe[752] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 00160000
    .text C:\Windows\system32\services.exe[752] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 0016002E
    .text C:\Windows\system32\services.exe[752] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 0016001D
    .text C:\Windows\system32\services.exe[752] WS2_32.dll!socket 774936D1 5 Bytes JMP 00510FEF
    .text C:\Windows\system32\lsass.exe[764] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 00A50000
    .text C:\Windows\system32\lsass.exe[764] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 00A50022
    .text C:\Windows\system32\lsass.exe[764] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 00A50011
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 009A0F55
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 009A0091
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 009A0F1F
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateProcessA 76B71C36 1 Byte [E9]
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 009A0F3A
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 009A0F8B
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 009A0040
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 009A0FA8
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 009A0FC3
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 009A0F7A
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 009A0065
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 009A0FD4
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 009A0080
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 009A0F0E
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 009A000A
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 009A0FEF
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 009A0025
    .text C:\Windows\system32\lsass.exe[764] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 009A00B6
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 00A60F8D
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 00A60FB9
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 00A60000
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 00A60FA8
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 00A60F7C
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 00A6001B
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 00A60FE5
    .text C:\Windows\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 00A60FCA
    .text C:\Windows\system32\lsass.exe[764] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 00A70FC6
    .text C:\Windows\system32\lsass.exe[764] msvcrt.dll!system 76E98B63 5 Bytes JMP 00A70051
    .text C:\Windows\system32\lsass.exe[764] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 00A70FD7
    .text C:\Windows\system32\lsass.exe[764] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 00A70000
    .text C:\Windows\system32\lsass.exe[764] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 00A7002C
    .text C:\Windows\system32\lsass.exe[764] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 00A70011
    .text C:\Windows\system32\lsass.exe[764] WS2_32.dll!socket 774936D1 5 Bytes JMP 00A80FEF
    .text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 00190000
    .text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 00190025
    .text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 00190FEF
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00180F4D
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00180089
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 001800E4
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 001800C9
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00180F72
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00180025
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 00180F83
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 00180FAF
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 00180067
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 00180F9E
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 00180036
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 76BA0474 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 00180078
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 001800FF
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 00180FE5
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 00180000
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 00180FD4
    .text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 001800AE
    .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 001B0FA8
    .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 76E98B63 5 Bytes JMP 001B0FB9
    .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 001B0018
    .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 001B0FEF
    .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 001B0033
    .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 001B0FDE
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 001A0058
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 001A0FD1
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 001A0000
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 001A0FB6
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 001A0FA5
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 001A002C
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 001A0011
    .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 001A003D
    .text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 774936D1 5 Bytes JMP 001C0FEF
    .text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 000F0FEF
    .text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 000F000A
    .text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 000F0FD4
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 000E0F48
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 000E008E
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 000E00CE
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 000E00BD
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 000E0062
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 000E0FDE
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 000E0051
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 000E0F9E
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 000E0073
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 000E0040
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 000E0FC3
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 000E0F63
     
  3. navygin21

    navygin21 TS Rookie Topic Starter

    GMER log part 2

    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 000E0F26
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 000E0025
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 000E000A
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 000E0FEF
    .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 000E0F37
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 00110064
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!system 76E98B63 5 Bytes JMP 00110049
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 00110FD9
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 00110000
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 00110038
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 00110011
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 00100FC0
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 00100051
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 00100062
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 00100FA5
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 0010001B
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 0010000A
    .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 00100036
    .text C:\Windows\system32\svchost.exe[1032] WS2_32.dll!socket 774936D1 5 Bytes JMP 001E0FEF
    .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 00710000
    .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 0071001B
    .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 00710FE5
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 006F0F61
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 006F0F72
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 006F0F2E
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 006F0F3F
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 006F0F8D
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 006F001B
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 006F0067
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 006F0FA8
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 006F0082
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 006F004A
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 006F0FB9
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 006F009D
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 006F0F1D
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 006F0FE5
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 006F0000
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 006F0FCA
    .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 006F0F50
    .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 009E0FB7
    .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!system 76E98B63 5 Bytes JMP 009E004C
    .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 009E0FD2
    .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 009E000C
    .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 009E0027
    .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 009E0FE3
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 00720069
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 0072003D
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 00720000
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 0072004E
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 00720084
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 00720011
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 00720FE5
    .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 0072002C
    .text C:\Windows\System32\svchost.exe[1108] WS2_32.dll!socket 774936D1 5 Bytes JMP 00A50FEF
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 00DA0FEF
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 00DA000A
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 00DA0FCA
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00D500C7
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00D500B6
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00D50F55
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00D500EC
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00D5006C
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00D50FD4
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 00D50F92
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 00D50FB9
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 00D50F81
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 00D5005B
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 00D50040
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 00D50091
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 00D500FD
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 00D50000
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 00D50FEF
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 00D5001B
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 00D50F70
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 00DB0FD2
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 76E98B63 5 Bytes JMP 00DB0FE3
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 00DB002E
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 00DB0000
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 00DB0053
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 00DB0011
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 00D3002F
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 00D3001E
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 00D30FEF
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 00D30F8D
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 00D30F7C
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 00D30FC3
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 00D30FD4
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 00D30FB2
    .text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket 774936D1 5 Bytes JMP 00DC0FEF
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 02530000
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 02530FE5
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 0253001B
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 024100B5
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 02410F6F
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 024100D0
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 02410F39
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 02410089
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 02410036
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 02410078
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 02410FB9
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 02410F94
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 02410051
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 02410FCA
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 0241009A
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 02410F14
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 02410FEF
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 02410000
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 0241001B
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 02410F54
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 025C0FA1
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!system 76E98B63 5 Bytes JMP 025C0FBC
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 025C0FD7
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 025C0000
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 025C002C
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 025C0011
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 021D0F86
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 021D0FA1
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 021D0FEF
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 021D0028
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 021D0F6B
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 021D0FC3
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 021D0FD4
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 021D0FB2
    .text C:\Windows\system32\svchost.exe[1148] WS2_32.dll!socket 774936D1 5 Bytes JMP 025D0FEF
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 0018000A
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 00180036
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 0018001B
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00150F1F
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00150F3A
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 001500A2
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00150087
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00150F77
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00150025
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 00150F88
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 00150036
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 00150F5C
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 00150051
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 00150FB9
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 00150F4B
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 00150EF0
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 00150FDE
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateFileA 76BBD171 5 Bytes JMP 00150FEF
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 76C0462E 5 Bytes JMP 0015000A
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!WinExec 76C0580B 5 Bytes JMP 00150076
    .text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_wsystem 76E98A47 5 Bytes JMP 00190042
    .text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!system 76E98B63 5 Bytes JMP 00190FB7
    .text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_creat 76E9C6F1 5 Bytes JMP 0019001D
    .text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_open 76E9DA7E 5 Bytes JMP 00190000
    .text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_wcreat 76E9DC9E 5 Bytes JMP 00190FC8
    .text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_wopen 76E9DE79 5 Bytes JMP 00190FE3
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 7670B5E7 5 Bytes JMP 00140FB6
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 7670B8AE 5 Bytes JMP 00140FD1
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 76710BF5 5 Bytes JMP 00140000
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 7671B83D 5 Bytes JMP 00140058
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 7671BCE1 5 Bytes JMP 00140F9B
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 7671D4E8 5 Bytes JMP 00140022
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 76723CB0 5 Bytes JMP 00140011
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 7672F09D 5 Bytes JMP 00140047
    .text C:\Windows\system32\svchost.exe[1300] WS2_32.dll!socket 774936D1 5 Bytes JMP 001A000A
    .text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 77307C78 5 Bytes JMP 00D3000A
    .text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 77307D38 5 Bytes JMP 00D30025
    .text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 773085D8 5 Bytes JMP 00D30FEF
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 008F0091
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 008F0080
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 008F0F0E
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 008F0F1F
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 008F0F8B
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 008F0FDE
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 76B9374A 5 Bytes JMP 008F006F
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 76B9382D 5 Bytes JMP 008F0FC3
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 76B98F5E 5 Bytes JMP 008F0F70
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 76B99649 5 Bytes JMP 008F0FB2
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 76B99671 5 Bytes JMP 008F004A
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreatePipe 76BA0474 5 Bytes JMP 008F0F5F
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 76BBBAC6 5 Bytes JMP 008F0EF3
    .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateFileW 76BBCE4E 5 Bytes JMP 008F0FEF
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    GMER log is incomplete.
    It should end with "EOF" line.
    Please repost.
     
Topic Status:
Not open for further replies.
