TechSpot

Help with virus or malware

By Daniel04
Jun 20, 2012
  1. Hello. I am having problems with my computer. Within the last week or two it has been pretty slow and lagging. I was hoping I could get some assistance with how to fix it. Here are my logs.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.19.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19272
    Owner :: OWNER-PC [administrator]

    6/19/2012 4:45:25 PM
    mbam-log-2012-06-19 (16-45-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217781
    Time elapsed: 7 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. Daniel04


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-19 17:59:18
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO
    Running: lbc37g52.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugloapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FA17640]

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8344E5A8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8344E5D2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8344E5BE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8344E594]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 82447992 5 Bytes JMP 8344E598 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!KeSetEvent + 621 824C8CE4 4 Bytes [40, 76, A1, 8F]
    PAGE ntkrnlpa.exe!ZwTerminateProcess 8260D143 5 Bytes JMP 8344E5D6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8262C89A 7 Bytes JMP 8344E5AC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8262CB5D 5 Bytes JMP 8344E5C2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\services.exe[700] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00280000
    .text C:\Windows\system32\services.exe[700] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00280FDE
    .text C:\Windows\system32\services.exe[700] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00280FEF
    .text C:\Windows\system32\services.exe[700] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 0027008F
    .text C:\Windows\system32\services.exe[700] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00270F3F
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 002700E0
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 002700BB
    .text C:\Windows\system32\services.exe[700] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00270F72
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00270FE5
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00270FD4
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00270F50
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00270F8D
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00270F9E
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00270040
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00270FC3
    .text C:\Windows\system32\services.exe[700] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00270F61
    .text C:\Windows\system32\services.exe[700] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00270F24
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00270011
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00270000
    .text C:\Windows\system32\services.exe[700] kernel32.dll!WinExec 765560CF 5 Bytes JMP 002700A0
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 004C0FB2
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 004C004A
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 004C000A
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 004C0FC3
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 004C006F
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 004C0FDE
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 004C0FEF
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 004C0039
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 004A0038
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!system 7577805B 5 Bytes JMP 004A001D
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 004A0FB7
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_open 7577D116 5 Bytes JMP 004A0FE3
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 004A000C
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 004A0FD2
    .text C:\Windows\system32\services.exe[700] WS2_32.dll!socket 769C36D1 5 Bytes JMP 004B0000
    .text C:\Windows\system32\lsass.exe[712] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00200FEF
    .text C:\Windows\system32\lsass.exe[712] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00200FD4
    .text C:\Windows\system32\lsass.exe[712] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00200014
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 001F0F46
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 001F0F57
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 001F0F21
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 001F00B8
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 001F0082
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 001F0FCD
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 001F0028
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 001F0F72
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 001F0071
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 001F0FBC
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 001F0054
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 001F0043
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 001F0F83
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 001F0F06
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 001F0FDE
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 001F0FEF
    .text C:\Windows\system32\lsass.exe[712] kernel32.dll!WinExec 765560CF 5 Bytes JMP 001F009D
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00400F72
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00400F9E
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00400FE5
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00400F8D
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00400F4D
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00400FB9
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00400FCA
    .text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00400014
    .text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00210FAD
    .text C:\Windows\system32\lsass.exe[712] msvcrt.dll!system 7577805B 5 Bytes JMP 00210FC8
    .text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00210FE3
    .text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_open 7577D116 5 Bytes JMP 00210000
    .text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 0021002E
    .text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00210011
    .text C:\Windows\system32\lsass.exe[712] WS2_32.dll!socket 769C36D1 5 Bytes JMP 003F000A
    .text C:\Windows\Explorer.EXE[836] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00310000
    .text C:\Windows\Explorer.EXE[836] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00310022
    .text C:\Windows\Explorer.EXE[836] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00310011
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 000100AB
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00010090
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 00010F1E
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00010F39
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00010F79
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 0001001B
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 0001002C
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 0001007F
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00010053
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00010FA5
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00010F94
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00010FC0
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 0001006E
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 000100C6
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00010000
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00010FEF
    .text C:\Windows\Explorer.EXE[836] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00010F4A
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00330F94
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00330FC3
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00330FEF
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00330040
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00330F79
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 0033000A
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00330FD4
    .text C:\Windows\Explorer.EXE[836] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 0033002F
    .text C:\Windows\Explorer.EXE[836] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00340FA6
    .text C:\Windows\Explorer.EXE[836] msvcrt.dll!system 7577805B 5 Bytes JMP 00340027
    .text C:\Windows\Explorer.EXE[836] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00340FB7
    .text C:\Windows\Explorer.EXE[836] msvcrt.dll!_open 7577D116 5 Bytes JMP 00340FEF
    .text C:\Windows\Explorer.EXE[836] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00340016
    .text C:\Windows\Explorer.EXE[836] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00340FDE
    .text C:\Windows\Explorer.EXE[836] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00370FEF
    .text C:\Windows\Explorer.EXE[836] WININET.dll!InternetOpenA 763FD6A8 5 Bytes JMP 017C0FE5
    .text C:\Windows\Explorer.EXE[836] WININET.dll!InternetOpenW 763FDB21 5 Bytes JMP 017C0000
    .text C:\Windows\Explorer.EXE[836] WININET.dll!InternetOpenUrlA 763FF3BC 5 Bytes JMP 017C0FCA
    .text C:\Windows\Explorer.EXE[836] WININET.dll!InternetOpenUrlW 76446DFF 5 Bytes JMP 017C0FB9
    .text C:\Windows\system32\svchost.exe[908] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 0076000A
    .text C:\Windows\system32\svchost.exe[908] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00760FE5
    .text C:\Windows\system32\svchost.exe[908] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 0076001B
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00710F3D
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00710F58
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 007100A8
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00710F1B
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00710F84
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00710FD4
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00710FC3
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00710F69
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 0071005E
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00710043
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00710FA1
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00710FB2
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00710079
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 007100B9
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 0071000A
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00710FEF
    .text C:\Windows\system32\svchost.exe[908] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00710F2C
    .text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00770FA6
    .text C:\Windows\system32\svchost.exe[908] msvcrt.dll!system 7577805B 5 Bytes JMP 00770FB7
    .text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00770027
    .text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_open 7577D116 5 Bytes JMP 00770FEF
    .text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00770FD2
    .text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 0077000C
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00860F75
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00860F97
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00860FEF
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00860F86
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00860032
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00860FCD
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00860FDE
    .text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00860FB2
    .text C:\Windows\system32\svchost.exe[908] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00810000
    .text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00340FE5
    .text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 0034000A
    .text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00340FCA
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 003200A4
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00320F68
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 003200C6
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00320F2F
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 0032006E
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00320025
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00320FD4
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00320F79
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00320051
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00320FA8
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00320040
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00320FC3
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00320089
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00320F14
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 0032000A
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00320FEF
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!WinExec 765560CF 5 Bytes JMP 003200B5
    .text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00350FA1
    .text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 7577805B 5 Bytes JMP 00350FB2
    .text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00350FDE
    .text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_open 7577D116 5 Bytes JMP 00350FEF
    .text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00350FC3
    .text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00350018
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00870F83
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00870025
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00870FEF
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00870F94
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00870036
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00870000
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00870FD4
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00870FB9
    .text C:\Windows\system32\svchost.exe[1008] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00860FE5
    .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00210FE5
    .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 0021000A
    .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00210FCA
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00200F4C
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 0020009C
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 002000BE
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 002000AD
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00200070
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00200FDB
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 0020002C
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00200F71
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 0020005F
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00200FAC
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 0020004E
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 0020003D
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00200081
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 002000CF
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 0020001B
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00200000
    .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00200F31
    .text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 003B0F90
    .text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!system 7577805B 5 Bytes JMP 003B0FA1
    .text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 003B0FBC
    .text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_open 7577D116 5 Bytes JMP 003B0FEF
    .text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 003B0011
    .text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 003B0000
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00DA0F7C
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00DA0FA8
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00DA0FE5
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00DA0F8D
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00DA0043
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00DA0FC3
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00DA0FD4
    .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00DA0014
    .text C:\Windows\System32\svchost.exe[1048] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00D90FEF
    .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 008C0FEF
    .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 008C0FD4
    .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 008C0000
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 007000C3
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 007000B2
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 0070010A
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 007000E5
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 0070007F
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00700FD1
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00700FB6
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 007000A1
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00700062
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00700FA5
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00700047
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00700022
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00700090
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00700F58
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00700011
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00700000
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 765560CF 5 Bytes JMP 007000D4
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 008D0050
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!system 7577805B 5 Bytes JMP 008D003F
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 008D001D
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_open 7577D116 5 Bytes JMP 008D0FEF
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 008D002E
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 008D0000
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 008B0FA5
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 008B0036
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 008B0000
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 008B0051
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 008B0062
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 008B0FCA
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 008B0FE5
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 008B001B
    .text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00960FEF
    .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00A10FEF
    .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00A10FB9
    .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00A10FD4
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 009B0096
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 009B0F46
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 009B00DD
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 009B00C2
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 009B0060
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 009B0FD4
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 009B0FB9
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 009B007B
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 009B0F86
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 009B0F97
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 009B0043
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 009B0FA8
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 009B0F6B
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 009B0F2B
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 009B000A
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 009B0FEF
    .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!WinExec 765560CF 5 Bytes JMP 009B00A7
    .text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00AA0FA5
    .text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!system 7577805B 5 Bytes JMP 00AA003A
    .text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00AA0FDE
    .text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_open 7577D116 5 Bytes JMP 00AA000C
    .text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00AA0029
    .text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00AA0FEF
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00A00087
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00A0005B
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00A00000
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00A00076
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00A00FCA
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00A00025
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00A00FEF
    .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00A00040
    .text C:\Windows\System32\svchost.exe[1164] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00AB0000
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00990FE5
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00990FAF
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00990FD4
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 008A00EB
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 008A0FA5
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 008A0F79
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 008A0F8A
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 008A0FD1
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 008A002C
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 008A0047
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 008A0FC0
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 008A00AB
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 008A0073
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 008A0084
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 008A0058
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 008A00C6
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 008A012B
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 008A001B
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 008A0000
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!WinExec 765560CF 5 Bytes JMP 008A00FC
     
  3. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    .text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00DF0FDB
    .text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!system 7577805B 5 Bytes JMP 00DF0066
    .text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00DF0044
    .text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_open 7577D116 5 Bytes JMP 00DF000C
    .text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00DF0055
    .text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00DF0029
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 008B001E
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 008B0F97
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 008B0FEF
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 008B0F7C
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 008B002F
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 008B0FC3
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 008B0FDE
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 008B0FB2
    .text C:\Windows\system32\svchost.exe[1184] WS2_32.dll!socket 769C36D1 5 Bytes JMP 010D0000
    .text C:\Windows\system32\svchost.exe[1184] WININET.dll!InternetOpenA 763FD6A8 5 Bytes JMP 01250FE5
    .text C:\Windows\system32\svchost.exe[1184] WININET.dll!InternetOpenW 763FDB21 5 Bytes JMP 01250000
    .text C:\Windows\system32\svchost.exe[1184] WININET.dll!InternetOpenUrlA 763FF3BC 5 Bytes JMP 01250011
    .text C:\Windows\system32\svchost.exe[1184] WININET.dll!InternetOpenUrlW 76446DFF 5 Bytes JMP 01250022
    .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 001C000A
    .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 001C0036
    .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 001C001B
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00190F5B
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00190F80
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 001900C6
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00190F2F
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 0019007F
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00190FDB
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00190FCA
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 001900AB
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00190058
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00190036
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00190047
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00190FA5
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00190090
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00190F14
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 0019001B
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 0019000A
    .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00190F4A
    .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 001D0044
    .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!system 7577805B 5 Bytes JMP 001D0FB9
    .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 001D0FEF
    .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_open 7577D116 5 Bytes JMP 001D0000
    .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 001D0FD4
    .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 001D0029
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 001B0062
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 001B0FB6
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 001B0FEF
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 001B0047
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 001B0073
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 001B001B
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 001B0000
    .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 001B002C
    .text C:\Windows\system32\svchost.exe[1328] WS2_32.dll!socket 769C36D1 5 Bytes JMP 001A0FE5
    .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 011C0FEF
    .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 011C0025
    .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 011C000A
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 010D0093
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 010D0F57
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 010D00B8
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 010D0F21
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 010D0F79
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 010D0FCA
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 010D001B
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 010D0078
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 010D0F8A
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 010D002C
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 010D0047
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 010D0FA5
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 010D0F68
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 010D0F10
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 010D0000
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 010D0FEF
    .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!WinExec 765560CF 5 Bytes JMP 010D0F3C
    .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00100F70
    .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!system 7577805B 5 Bytes JMP 00100F95
    .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00100FC1
    .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_open 7577D116 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00100FA6
    .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00100FDE
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 76A139AB 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 011B0FAF
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 011B0036
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 011B0000
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 011B0051
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 011B0076
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 011B0FEF
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 011B0025
    .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 011B0FCA
    .text C:\Windows\system32\svchost.exe[1376] WS2_32.dll!socket 769C36D1 5 Bytes JMP 010E0FEF
    .text C:\Windows\system32\svchost.exe[1376] WinInet.dll!InternetOpenA 763FD6A8 5 Bytes JMP 01040FEF
    .text C:\Windows\system32\svchost.exe[1376] WinInet.dll!InternetOpenW 763FDB21 5 Bytes JMP 01040000
    .text C:\Windows\system32\svchost.exe[1376] WinInet.dll!InternetOpenUrlA 763FF3BC 5 Bytes JMP 01040FD4
    .text C:\Windows\system32\svchost.exe[1376] WinInet.dll!InternetOpenUrlW 76446DFF 5 Bytes JMP 01040FC3
    .text C:\Windows\system32\svchost.exe[1664] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00800FEF
    .text C:\Windows\system32\svchost.exe[1664] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 0080000A
    .text C:\Windows\system32\svchost.exe[1664] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00800FDE
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 001C0F5C
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 001C00A2
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 001C00CE
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 001C0F37
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 001C0F99
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 001C0036
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 001C0047
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 001C0F77
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 001C0FB4
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 001C0073
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 001C0FDB
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 001C0062
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 001C0F88
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 001C00F3
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 001C001B
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 001C0000
    .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!WinExec 765560CF 5 Bytes JMP 001C00BD
    .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 001B0F97
    .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!system 7577805B 5 Bytes JMP 001B0FB2
    .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 001B0022
    .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_open 7577D116 5 Bytes JMP 001B0FEF
    .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 001B0FCD
    .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 001B0FDE
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00770FA5
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00770040
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00770FEF
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00770051
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00770F94
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00770025
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 0077000A
    .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00770FD4
    .text C:\Windows\system32\svchost.exe[1664] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00720000
    .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 008A0FEF
    .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 008A0011
    .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 008A0000
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00200F61
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00200F72
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 002000DD
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 002000C2
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00200082
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 0020000A
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00200FC3
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 0020009D
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00200071
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00200039
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00200054
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00200FB2
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00200F8D
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 002000EE
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00200FD4
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00200FEF
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00200F46
    .text C:\Windows\system32\svchost.exe[1992] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 001B002C
    .text C:\Windows\system32\svchost.exe[1992] msvcrt.dll!system 7577805B 5 Bytes JMP 001B0FA1
    .text C:\Windows\system32\svchost.exe[1992] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 001B0FCD
    .text C:\Windows\system32\svchost.exe[1992] msvcrt.dll!_open 7577D116 5 Bytes JMP 001B0FEF
    .text C:\Windows\system32\svchost.exe[1992] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 001B0FB2
    .text C:\Windows\system32\svchost.exe[1992] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 001B0FDE
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00890FA8
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00890FB9
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00890FEF
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00890040
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00890F97
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00890FD4
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 0089000A
    .text C:\Windows\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 0089002F
    .text C:\Windows\system32\svchost.exe[1992] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00870FEF
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2076] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 6D7F9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2076] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 6D7F99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\system32\svchost.exe[2192] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 008D0FEF
    .text C:\Windows\system32\svchost.exe[2192] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 008D000A
    .text C:\Windows\system32\svchost.exe[2192] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 008D0FD4
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00230F39
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00230F54
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 00230EFC
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00230F17
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00230064
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00230011
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00230022
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00230F6F
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00230053
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00230FA5
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00230F94
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00230FB6
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 0023007F
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00230EEB
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00230000
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00230FEF
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00230F28
    .text C:\Windows\system32\svchost.exe[2192] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 000F0016
    .text C:\Windows\system32\svchost.exe[2192] msvcrt.dll!system 7577805B 5 Bytes JMP 000F0F95
    .text C:\Windows\system32\svchost.exe[2192] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 000F0FC1
    .text C:\Windows\system32\svchost.exe[2192] msvcrt.dll!_open 7577D116 5 Bytes JMP 000F0FEF
    .text C:\Windows\system32\svchost.exe[2192] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 000F0FA6
    .text C:\Windows\system32\svchost.exe[2192] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 000F0FD2
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00870F97
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00870FA8
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00870FEF
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00870039
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 0087004A
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00870FB9
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 00870FD4
    .text C:\Windows\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00870014
    .text C:\Windows\system32\svchost.exe[2192] WS2_32.dll!socket 769C36D1 5 Bytes JMP 0086000A
    .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 007C000A
    .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 007C001B
    .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 007C0FEF
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00750F68
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 007500AE
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 00750F46
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 007500DD
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00750FB9
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 0075002F
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00750040
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00750F83
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00750FCA
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00750062
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00750087
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00750051
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00750F94
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00750F21
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateFileW 7650B0EB 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00750FEF
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 0075000A
    .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00750F57
    .text C:\Windows\system32\svchost.exe[2392] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00740FBC
    .text C:\Windows\system32\svchost.exe[2392] msvcrt.dll!system 7577805B 5 Bytes JMP 00740047
    .text C:\Windows\system32\svchost.exe[2392] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00740FCD
    .text C:\Windows\system32\svchost.exe[2392] msvcrt.dll!_open 7577D116 5 Bytes JMP 00740000
    .text C:\Windows\system32\svchost.exe[2392] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 0074002C
    .text C:\Windows\system32\svchost.exe[2392] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00740011
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 007B004A
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 007B0FBC
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 007B0000
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 007B0039
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 007B0F8D
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 007B0FDE
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 007B0FEF
    .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 007B0FCD
    .text C:\Windows\system32\svchost.exe[2392] WS2_32.dll!socket 769C36D1 5 Bytes JMP 0076000A
    .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00090000
    .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 0009002C
    .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 0009001B
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00060F04
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00060F1F
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 00060ECE
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00060EF3
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00060F66
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00060025
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00060FD4
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00060F30
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 0006004A
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00060FA8
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00060F8D
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 00060FB9
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00060F4B
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00060EB3
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 0006000A
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00060FE5
    .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!WinExec 765560CF 5 Bytes JMP 0006006F
    .text C:\Windows\System32\svchost.exe[2424] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00050047
    .text C:\Windows\System32\svchost.exe[2424] msvcrt.dll!system 7577805B 5 Bytes JMP 00050FBC
    .text C:\Windows\System32\svchost.exe[2424] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00050FDE
    .text C:\Windows\System32\svchost.exe[2424] msvcrt.dll!_open 7577D116 5 Bytes JMP 00050FEF
    .text C:\Windows\System32\svchost.exe[2424] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00050FCD
    .text C:\Windows\System32\svchost.exe[2424] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 0005000C
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00070073
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00070051
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 00070000
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00070062
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00070FB6
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00070FE5
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 0007001B
    .text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00070036
    .text C:\Windows\System32\svchost.exe[2424] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00240FEF
    .text C:\Windows\system32\svchost.exe[3060] ntdll.dll!NtCreateFile 76E54244 5 Bytes JMP 00040FE5
    .text C:\Windows\system32\svchost.exe[3060] ntdll.dll!NtCreateProcess 76E54304 5 Bytes JMP 00040000
    .text C:\Windows\system32\svchost.exe[3060] ntdll.dll!NtProtectVirtualMemory 76E54BA4 5 Bytes JMP 00040FD4
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!GetStartupInfoW 764C1929 5 Bytes JMP 00010F29
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!GetStartupInfoA 764C19C9 5 Bytes JMP 00010F3A
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateProcessW 764C1BF3 5 Bytes JMP 00010EE2
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateProcessA 764C1C28 5 Bytes JMP 00010EFD
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!VirtualProtect 764C1DC3 5 Bytes JMP 00010F70
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateNamedPipeA 764C2EF5 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateNamedPipeW 764C5C0C 5 Bytes JMP 00010FAF
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreatePipe 764E8F06 5 Bytes JMP 00010F55
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!LoadLibraryExW 764E927C 5 Bytes JMP 00010F81
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!LoadLibraryW 764E9400 5 Bytes JMP 00010036
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!LoadLibraryExA 764E9554 5 Bytes JMP 00010F9E
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!LoadLibraryA 764E957C 5 Bytes JMP 0001001B
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!VirtualProtectEx 764EDC52 5 Bytes JMP 00010065
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!GetProcAddress 7650925B 5 Bytes JMP 00010ED1
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateFileW 7650B0EB 5 Bytes JMP 00010FCA
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateFileA 7650D07F 5 Bytes JMP 00010FE5
    .text C:\Windows\system32\svchost.exe[3060] kernel32.dll!WinExec 765560CF 5 Bytes JMP 00010F0E
    .text C:\Windows\system32\svchost.exe[3060] msvcrt.dll!_wsystem 75777F3F 5 Bytes JMP 00060FAF
    .text C:\Windows\system32\svchost.exe[3060] msvcrt.dll!system 7577805B 5 Bytes JMP 00060FCA
    .text C:\Windows\system32\svchost.exe[3060] msvcrt.dll!_creat 7577BBF1 5 Bytes JMP 00060029
    .text C:\Windows\system32\svchost.exe[3060] msvcrt.dll!_open 7577D116 5 Bytes JMP 0006000C
    .text C:\Windows\system32\svchost.exe[3060] msvcrt.dll!_wcreat 7577D336 5 Bytes JMP 00060044
    .text C:\Windows\system32\svchost.exe[3060] msvcrt.dll!_wopen 7577D511 5 Bytes JMP 00060FEF
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegCreateKeyExA 76A139AB 5 Bytes JMP 00070065
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegCreateKeyA 76A13BA9 5 Bytes JMP 00070FDE
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegOpenKeyA 76A189C7 5 Bytes JMP 0007000A
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegCreateKeyW 76A2391E 5 Bytes JMP 00070FC3
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegCreateKeyExW 76A241F1 5 Bytes JMP 00070076
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegOpenKeyExA 76A27C42 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegOpenKeyW 76A2E2B5 5 Bytes JMP 0007001B
    .text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!RegOpenKeyExW 76A37BA1 5 Bytes JMP 00070040
    .text C:\Windows\system32\svchost.exe[3060] WS2_32.dll!socket 769C36D1 5 Bytes JMP 00080FEF

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\mfevtps.exe[2164] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [012BA4D0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[2164] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [012BA530] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  4. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19272
    Run by Owner at 18:00:46 on 2012-06-19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1593 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120427002744.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A534E0A6-E812-47E5-B472-791AF239C129} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r09ahzp1.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 464304]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-8-17 64912]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-8-17 169608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-19 73728]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-3 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-8-17 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-3 151880]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-15 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-8-17 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-5 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-5 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-8-3 340920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-18 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-1 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-18 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-3 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-5 34376]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-5 40648]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 113120]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-4-19 209408]
    .
    =============== Created Last 30 ================
    .
    2012-06-19 15:44:14 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4950f74a-d9d6-46b2-b8e5-67c8a06e9ace}\offreg.dll
    2012-06-19 06:29:44 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4950f74a-d9d6-46b2-b8e5-67c8a06e9ace}\mpengine.dll
    2012-06-19 01:49:17 -------- d-----w- c:\users\owner\appdata\local\NPE
    2012-06-18 23:15:54 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
    2012-06-18 23:15:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-18 23:15:39 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-18 04:54:52 -------- d-----w- c:\program files\CCleaner
    2012-06-13 16:39:25 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 16:39:24 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 16:39:23 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 16:36:59 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 16:36:17 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-07 19:14:49 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-07 19:14:49 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-01 16:29:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-31 00:36:47 -------- d-----r- c:\users\owner\TV Shows
    .
    ==================== Find3M ====================
    .
    2012-06-01 16:29:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
    2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 18:07:09.45 ===============
     
  5. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/19/2008 1:58:50 PM
    System Uptime: 6/19/2012 5:43:39 AM (13 hours ago)
    .
    Motherboard: Dell Inc. | | 0R386D
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 122.096 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.794 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1303: 6/12/2012 12:00:02 AM - Scheduled Checkpoint
    RP1304: 6/13/2012 2:26:18 AM - Scheduled Checkpoint
    RP1305: 6/14/2012 12:00:02 AM - Scheduled Checkpoint
    RP1306: 6/14/2012 2:31:18 AM - Windows Update
    RP1307: 6/15/2012 6:09:22 PM - Scheduled Checkpoint
    RP1308: 6/17/2012 9:27:24 AM - Scheduled Checkpoint
    RP1309: 6/17/2012 11:30:17 PM - Removed Steam
    RP1310: 6/18/2012 10:20:31 PM - Scheduled Checkpoint
    RP1311: 6/19/2012 1:28:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    BitTorrent
    Browser Address Error Redirector
    CCleaner
    Compatibility Pack for the 2007 Office system
    Dell Getting Started Guide
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    DellSupport
    Fingerprint Reader Suite 5.6
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 4
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Internet Security
    McAfee Security Scan Plus
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Music, Photos & Videos Launcher
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 301.42
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Graphics Driver 296.10
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.8.15
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    Product Documentation Launcher
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    SUPERAntiSpyware
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    VLC media player 1.1.7
    Windows Media Player Firefox Plugin
    Windows Mobile Device Updater Component
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/18/2012 9:51:17 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SMR300\0000 disappeared from the system without first being prepared for removal.
    6/18/2012 8:58:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/18/2012 8:55:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
    6/18/2012 8:55:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/18/2012 8:55:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/18/2012 8:55:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/18/2012 8:55:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/18/2012 8:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/18/2012 8:46:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/18/2012 7:48:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    6/18/2012 7:21:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    6/18/2012 7:21:15 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/18/2012 7:21:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/18/2012 6:19:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    6/18/2012 6:16:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    6/18/2012 6:16:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/18/2012 5:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    6/18/2012 5:27:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
    6/18/2012 5:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    6/14/2012 11:38:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    6/14/2012 11:38:31 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/14/2012 11:34:27 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==============================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Thank you for helping me! Here is the first log from Bootkit Remover

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/19/2008 1:58:50 PM
    System Uptime: 6/19/2012 5:43:39 AM (13 hours ago)
    .
    Motherboard: Dell Inc. | | 0R386D
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 122.096 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.794 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1303: 6/12/2012 12:00:02 AM - Scheduled Checkpoint
    RP1304: 6/13/2012 2:26:18 AM - Scheduled Checkpoint
    RP1305: 6/14/2012 12:00:02 AM - Scheduled Checkpoint
    RP1306: 6/14/2012 2:31:18 AM - Windows Update
    RP1307: 6/15/2012 6:09:22 PM - Scheduled Checkpoint
    RP1308: 6/17/2012 9:27:24 AM - Scheduled Checkpoint
    RP1309: 6/17/2012 11:30:17 PM - Removed Steam
    RP1310: 6/18/2012 10:20:31 PM - Scheduled Checkpoint
    RP1311: 6/19/2012 1:28:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    BitTorrent
    Browser Address Error Redirector
    CCleaner
    Compatibility Pack for the 2007 Office system
    Dell Getting Started Guide
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    DellSupport
    Fingerprint Reader Suite 5.6
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 4
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Internet Security
    McAfee Security Scan Plus
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Music, Photos & Videos Launcher
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 301.42
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Graphics Driver 296.10
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.8.15
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    Product Documentation Launcher
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    SUPERAntiSpyware
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    VLC media player 1.1.7
    Windows Media Player Firefox Plugin
    Windows Mobile Device Updater Component
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/18/2012 9:51:17 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SMR300\0000 disappeared from the system without first being prepared for removal.
    6/18/2012 8:58:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/18/2012 8:55:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
    6/18/2012 8:55:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/18/2012 8:55:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/18/2012 8:55:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/18/2012 8:55:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/18/2012 8:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/18/2012 8:46:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/18/2012 7:48:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    6/18/2012 7:21:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    6/18/2012 7:21:15 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/18/2012 7:21:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/18/2012 6:19:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    6/18/2012 6:16:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    6/18/2012 6:16:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/18/2012 5:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    6/18/2012 5:27:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
    6/18/2012 5:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    6/14/2012 11:38:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    6/14/2012 11:38:31 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/14/2012 11:34:27 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You posted Attach.txt part of DDS instead of Bootkit Remover log.
    Redo.
     
  9. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    I have a question. I was running the second scan for aswMBR. While it was scanning I walked away from my computer and when I came back to check on it, my computer was restarting. When it restarted I had a message that said "Dell Wireless WLAN Card Wireless Network Controller stopped working and was closed." And the scan is not there. Should I do that scan again?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes. You may also try safe mode.

    Read my previous reply.
     
  11. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    This is what I get from the Bootkit Remover Log. But it seems wrong. Seems like there should be more

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`85700000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's the log :)
     
  13. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Ok thanks! I will try the second now.
     
  14. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Just to let you know, I did restart my computer in Safe Mode like you suggested and I did it before this scan. Here is the aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-20 20:20:55
    -----------------------------
    20:20:55.149 OS Version: Windows 6.0.6002 Service Pack 2
    20:20:55.149 Number of processors: 2 586 0xF0D
    20:20:55.174 ComputerName: OWNER-PC UserName: Owner
    20:21:09.986 Initialize success
    20:21:19.981 AVAST engine defs: 12062001
    20:21:37.724 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:21:37.727 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
    20:21:37.739 Disk 0 MBR read successfully
    20:21:37.752 Disk 0 MBR scan
    20:21:37.776 Disk 0 Windows VISTA default MBR code
    20:21:37.799 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
    20:21:37.808 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 178176
    20:21:37.839 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225586 MB offset 21149696
    20:21:37.853 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
    20:21:37.943 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
    20:21:37.950 Disk 0 scanning sectors +488394752
    20:21:38.037 Disk 0 scanning C:\Windows\system32\drivers
    20:21:48.493 Service scanning
    20:22:18.324 Modules scanning
    20:22:23.786 Disk 0 trace - called modules:
    20:22:23.820 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    20:22:23.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d742b0]
    20:22:23.854 3 CLASSPNP.SYS[8aba58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85389030]
    20:22:24.782 AVAST engine scan C:\Windows
    20:22:26.794 AVAST engine scan C:\Windows\system32
    20:26:32.597 AVAST engine scan C:\Windows\system32\drivers
    20:26:54.559 AVAST engine scan C:\Users\Owner
    20:31:37.309 AVAST engine scan C:\ProgramData
    20:33:16.957 Scan finished successfully
    20:34:24.197 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    20:34:24.204 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
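
Added example, not part of the thread and not aswMBR's own code: a Python parser for a 512-byte MBR dump that lists the partition table in the same shape as the log above, checks the 0x55AA signature, the active flag and entry overlap, and hashes the boot code so two dumps can be compared. The sample sector is constructed from the offsets and sizes in the log (boot code is filler); reading a real `MBR.dat` this way assumes the file is a raw copy of sector 0.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510  # bytes 0x55 0xAA mark a valid MBR
ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, start LBA, sector count

# Type bytes that appear in the aswMBR log above.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0xDE: "Dell Utility"}


def build_sample_mbr():
    """Constructed 512-byte MBR mirroring the log's four primary entries.

    The boot code is filler, not real Windows boot code, and the sector
    counts are derived from the MB sizes in the log (1 MB = 2048 sectors).
    """
    entries = [  # (status, type, start LBA, sector count)
        (0x00, 0xDE, 63, 86 * 2048),
        (0x00, 0x07, 178176, 10240 * 2048),
        (0x80, 0x07, 21149696, 225586 * 2048),
        (0x00, 0x0F, 483151872, 2560 * 2048),
    ]
    sector = bytearray(SECTOR)
    sector[0:440] = bytes(range(220)) * 2  # filler standing in for boot code
    for i, (status, ptype, lba, count) in enumerate(entries):
        # CHS fields are left zeroed; only the LBA fields are used here.
        raw = struct.pack(ENTRY, status, b"\0" * 3, ptype, b"\0" * 3, lba, count)
        sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)] = raw
    sector[SIGNATURE_OFFSET:SECTOR] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return (boot_code_sha256, partitions, findings) for a raw MBR sector."""
    if len(sector) < SECTOR:
        raise ValueError("MBR dump is shorter than one 512-byte sector")
    sector = sector[:SECTOR]
    findings = []
    if sector[SIGNATURE_OFFSET:SECTOR] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0x00:  # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {i + 1}: invalid status byte 0x{status:02X}")
        partitions.append({
            "index": i + 1, "active": status == 0x80, "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": lba, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })

    # A BIOS boot disk is expected to carry exactly one active (0x80) entry.
    active = [p["index"] for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")

    # Primary entries must not overlap each other.
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")

    # Hash of the bootstrap code area, for comparing two dumps of the same disk.
    boot_code_sha256 = hashlib.sha256(sector[:440]).hexdigest()
    return boot_code_sha256, partitions, findings


if __name__ == "__main__":
    digest, parts, issues = parse_mbr(build_sample_mbr())
    print("boot code sha256:", digest)
    for p in parts:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<13}"
              f"{p['size_mb']:>7} MB offset {p['start_lba']}")
    print("findings:", issues or "none")
```

The fourth entry in the log (type DD at offset 483153920) is a logical partition inside the extended container, so it does not appear in the four primary slots parsed here.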
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    It is telling me that my McAfee anti-virus and anti-spyware real time scanners are still running but I have them turned off. I don't know if I am missing something.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    If you did, go ahead with Combofix.
     
  18. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Here is the Combofix log

    ComboFix 12-06-20.02 - Owner 06/20/2012 21:10:17.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2329 [GMT -5:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Mozilla Firefox\components\AskHPRFF.js
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
    c:\users\Owner\AppData\Roaming\MSA
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-19 15:44 . 2012-06-19 15:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4950F74A-D9D6-46B2-B8E5-67C8A06E9ACE}\offreg.dll
    2012-06-19 06:29 . 2012-06-18 08:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4950F74A-D9D6-46B2-B8E5-67C8A06E9ACE}\mpengine.dll
    2012-06-19 01:49 . 2012-06-19 02:01 -------- d-----w- c:\users\Owner\AppData\Local\NPE
    2012-06-18 23:15 . 2012-06-18 23:15 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-18 23:15 . 2012-06-18 23:15 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-18 23:15 . 2012-06-18 23:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-18 04:54 . 2012-06-18 04:55 -------- d-----w- c:\program files\CCleaner
    2012-06-13 16:39 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 16:39 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 16:39 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 16:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 16:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-07 19:14 . 2012-06-07 19:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-07 19:14 . 2012-06-07 19:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-01 16:29 . 2012-06-01 16:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-31 00:36 . 2012-05-31 00:42 -------- d-----r- c:\users\Owner\TV Shows
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-01 16:29 . 2011-12-08 04:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 20:56 . 2009-07-26 03:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16 . 2012-05-11 16:21 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-11 16:21 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39 . 2012-05-11 16:22 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-06-16 20:01 . 2011-04-06 20:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 19:01 . 2011-08-03 21:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-20 29744]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2011-08-05 17:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 16:29]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 23:15]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 23:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r09ahzp1.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-20 21:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(648)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    - - - - - - - > 'Explorer.exe'(1884)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    Completion time: 2012-06-20 21:17:16
    ComboFix-quarantined-files.txt 2012-06-21 02:17
    .
    Pre-Run: 134,640,123,904 bytes free
    Post-Run: 134,699,491,328 bytes free
    .
    - - End Of File - - ADF9B9CE658D5567C8FA486543C206F3
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good.

    How is the computer doing?

    Uninstall Ask Toolbar, typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Computer seems to be running pretty good right now. I tried to uninstall Ask Toolbar through Control Panel and it says that it does not exist, cannot be uninstalled. But it is listed there.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's fine.
    Go ahead with OTL.
     
  22. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Here's the OTL.txt

    OTL logfile created on: 6/20/2012 9:47:36 PM - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Owner\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 72.91% Memory free
    6.19 Gb Paging File | 5.65 Gb Available in Paging File | 91.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.30 Gb Total Space | 125.48 Gb Free Space | 56.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/20 21:38:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
    PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/12 12:01:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2007/03/21 14:33:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/16 15:01:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/01 11:29:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/05/15 05:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/02/29 18:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/30 11:51:44 | 000,034,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2011/03/30 11:51:42 | 000,040,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2008/01/25 00:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/12/02 23:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/07 04:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) Intel(R)
    DRV - [2007/09/07 01:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/07 01:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/07 01:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search-gala.com/?&uid=36&q={searchTerms}
    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
    IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Ask"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/12/10 16:02:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/06/20 19:52:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 21:14:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 19:21:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 21:14:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 19:21:53 | 000,000,000 | ---D | M]

    [2009/06/09 20:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2012/05/02 01:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r09ahzp1.default\extensions
    [2010/04/26 22:13:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r09ahzp1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/19 17:41:33 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r09ahzp1.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2009/07/29 21:38:01 | 000,000,682 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r09ahzp1.default\searchplugins\ask.xml
    [2009/06/12 22:09:35 | 000,001,504 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r09ahzp1.default\searchplugins\imdb.xml
    [2011/04/06 15:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/20 19:52:29 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
    [2012/06/16 15:01:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 13:26:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: SiteAdvisor = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/06/20 21:15:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120427002744.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
    O15 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A534E0A6-E812-47E5-B472-791AF239C129}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 1084

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/20 21:17:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/06/20 21:16:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/20 21:09:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/20 21:09:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/20 21:09:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/20 21:09:05 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/06/20 20:49:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/20 20:49:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/20 20:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/06/18 20:49:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
    [2012/06/18 19:21:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/06/18 18:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/06/18 18:15:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2012/06/18 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/06/18 18:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/06/18 18:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/06/17 23:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/05/30 19:36:47 | 000,000,000 | R--D | C] -- C:\Users\Owner\TV Shows
    [2012/05/24 00:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

    ========== Files - Modified Within 30 Days ==========

    [2012/06/20 21:44:42 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2012/06/20 21:15:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/06/20 20:34:24 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
    [2012/06/20 20:12:21 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
    [2012/06/20 20:10:15 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/20 20:10:15 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/06/20 20:09:47 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Owner\Desktop\boot_cleaner.exe
    [2012/06/20 20:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/20 20:04:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/20 20:04:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/20 19:55:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/20 19:48:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/20 19:47:30 | 492,752,481 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/06/19 17:01:51 | 000,000,843 | ---- | M] () -- C:\Users\Owner\Desktop\lbc37g52 - Shortcut.lnk
    [2012/06/19 16:45:19 | 000,000,926 | ---- | M] () -- C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/18 21:02:02 | 000,001,116 | ---- | M] () -- C:\ProgramData\SMRResults300.dat
    [2012/06/18 18:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/18 18:15:47 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/18 00:12:43 | 000,000,830 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner - Shortcut.lnk
    [2012/06/14 11:34:06 | 000,379,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/05/30 19:37:02 | 000,014,336 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/06/20 21:09:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/20 21:09:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/20 21:09:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/20 21:09:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/20 21:09:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/20 20:34:24 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
    [2012/06/20 19:47:30 | 492,752,481 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/19 17:01:51 | 000,000,843 | ---- | C] () -- C:\Users\Owner\Desktop\lbc37g52 - Shortcut.lnk
    [2012/06/19 16:45:19 | 000,000,926 | ---- | C] () -- C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/18 21:01:50 | 000,001,116 | ---- | C] () -- C:\ProgramData\SMRResults300.dat
    [2012/06/18 18:50:06 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/18 18:16:09 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/18 18:15:47 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/18 18:12:15 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2012/06/18 00:12:43 | 000,000,830 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner - Shortcut.lnk
    [2012/06/01 11:29:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

    ========== LOP Check ==========

    [2012/06/17 23:58:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
    [2009/09/03 19:59:21 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\lowsec
    [2010/02/18 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PopCapv1002
    [2009/06/10 09:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2009/08/16 23:03:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp
    [2012/06/20 20:04:26 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/06/20 21:17:16 | 000,013,093 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/04/19 21:52:13 | 000,004,641 | RH-- | M] () -- C:\dell.sdr
    [2012/06/20 20:05:28 | 3533,000,704 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/20 20:47:26 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/17 22:43:30 | 000,000,429 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/20 20:09:47 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Owner\Desktop\boot_cleaner.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/18 18:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/20 19:48:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/20 19:55:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/20 20:04:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/20 20:04:26 | 000,032,588 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/08 16:16:50 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/26 18:51:54 | 000,055,141 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
     
  23. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Here's the Extras.txt

    OTL Extras logfile created on: 6/20/2012 9:47:36 PM - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Owner\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 72.91% Memory free
    6.19 Gb Paging File | 5.65 Gb Available in Paging File | 91.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.30 Gb Total Space | 125.48 Gb Free Space | 56.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFB8B9AF-EF3D-48F1-A455-DC876AF80765}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12C35F3E-6BF5-4DB9-A3FA-370174A2F7FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1FDAB81A-7D39-4905-B554-A3986376656C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{1FFC601C-41B4-4BA3-82E7-F7403059044F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\champions online\champions online.exe |
    "{2CC574B6-71FC-437D-B88C-0641C35C7DE0}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{3D2FD6F8-BE09-40BB-B16C-72D88B6EF810}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{47C937C9-7B1C-4E7A-9FA1-B6F449331263}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{58DABE0F-3FB0-47AC-BEB5-AAD9F6BC4DC9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{76EBB298-EB16-4706-817F-9AF4BC9DA7DD}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{8EB731E9-5750-4C82-8080-6D23170D1E4C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{90DBECBA-A49D-478A-9898-9C09E4EB8ED4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{996B9DD3-3C0A-4657-919E-24A2776F65B9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A9F61D67-982A-4D61-AE2F-CB0329C604B3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{B02187B9-99CB-4215-89C7-4457E0EB0A01}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{BFE3246E-5C2B-49FF-B2E6-107A8EBD6D7B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{CEDCDE37-BF46-48A5-A582-A56A5CA2A7A4}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{CF22E1DE-25FC-4032-9E34-C91DA1D8CC0A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{D311DAA4-3E85-4F18-89BF-D789BDA50A15}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D7A6883C-A357-4954-B618-F1701DCA756F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\champions online\champions online.exe |
    "{F85196F2-5A8C-46E7-B728-A7FCC2A636CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{FB0A935B-1EEB-4035-9707-B75194E659E8}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "TCP Query User{352DDBCC-6612-4A0F-BD9F-B9720ED188C4}C:\users\owner\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\championsonlinef2p.exe |
    "TCP Query User{41144247-EE7A-4F23-9885-CF57E6309F49}C:\program files\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
    "UDP Query User{1D154DDF-25E8-4BD6-BD13-79648C1766A2}C:\program files\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
    "UDP Query User{7A291E2E-20AA-47C9-B148-6225B23B973C}C:\users\owner\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\championsonlinef2p.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Ask Toolbar_is1" = Ask Toolbar
    "BitTorrent" = BitTorrent
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee Internet Security
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "VLC media player" = VLC media player 1.1.7
    "Zune" = Zune

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/6/2012 4:27:43 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:44 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:44 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:44 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:44 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:46 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:46 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:53 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/6/2012 4:27:53 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 6/7/2012 1:36:41 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 8/10/2011 1:21:03 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 12:20:59, Wed, Aug 10, 11 Error - Unable to gain access to user store


    Error - 8/17/2011 5:29:09 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 16:29:07, Wed, Aug 17, 11 Error - Unable to gain access to user store


    Error - 4/27/2012 6:55:02 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 17:55:02, Fri, Apr 27, 12 Error - Unable to gain access to user store


    Error - 5/1/2012 2:54:36 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 01:54:36, Tue, May 01, 12 Error - Unable to gain access to user store


    Error - 5/17/2012 10:26:06 PM | Computer Name = OWNER-PC | Source = WLAN-Tray | ID = 0
    Description = 21:26:01, Thu, May 17, 12 Error - Unable to gain access to user store


    Error - 5/23/2012 1:51:14 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 12:51:13, Wed, May 23, 12 Error - Unable to gain access to user store


    Error - 6/18/2012 7:48:18 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 18:48:18, Mon, Jun 18, 12 Error - Unable to gain access to user store


    Error - 6/18/2012 10:02:15 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 21:02:15, Mon, Jun 18, 12 Error - Unable to gain access to user store


    Error - 6/20/2012 8:47:47 PM | Computer Name = OWNER-PC | Source = WLAN-Tray | ID = 0
    Description = 19:47:47, Wed, Jun 20, 12 Error - Unable to gain access to user store


    [ System Events ]
    Error - 6/20/2012 9:07:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 6/20/2012 9:07:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 6/20/2012 9:09:58 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/20/2012 9:27:27 PM | Computer Name = Owner-PC | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 6/20/2012 9:49:57 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/20/2012 10:00:40 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/20/2012 10:02:58 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/20/2012 10:10:04 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/20/2012 10:12:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/20/2012 10:15:08 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
      IE - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
      FF - prefs.js..browser.search.defaultenginename: "Ask"
      FF - prefs.js..browser.search.order.1: "Ask"
      FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="
      [2009/07/29 21:38:01 | 000,000,682 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r09ahzp1.default\searchplugins\ask.xml
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O15 - HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\..Trusted Ranges: GD ([http] in Local intranet)
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\AskBarDis
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    ====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  25. Daniel04

    Daniel04 TS Rookie Topic Starter Posts: 21

    Here is the second OTL

    All processes killed
    ========== OTL ==========
    Service SymIMMP stopped successfully!
    Service SymIMMP deleted successfully!
    File system32\DRIVERS\SymIM.sys not found.
    Service SymIM stopped successfully!
    Service SymIM deleted successfully!
    File system32\DRIVERS\SymIM.sys not found.
    HKU\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Ask" removed from browser.search.defaultenginename
    Prefs.js: "Ask" removed from browser.search.order.1
    Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=" removed from keyword.URL
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r09ahzp1.default\searchplugins\ask.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3165294895-1413846157-1575979218-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3165294895-1413846157-1575979218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
    C:\Program Files\AskBarDis\bar\bin folder moved successfully.
    C:\Program Files\AskBarDis\bar folder moved successfully.
    C:\Program Files\AskBarDis folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 737414 bytes
    ->Java cache emptied: 30345 bytes
    ->FireFox cache emptied: 59892803 bytes
    ->Google Chrome cache emptied: 6384871 bytes
    ->Flash cache emptied: 2846068 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37082 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Owner
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.50.0 log created on 06202012_223730

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
