
Solved Computer Crashes, Browsers Redirect, suspected malware

Discussion in 'Malware and Virus Removal Archive' started by tennboy, 2011/08/08.

  1. 2011/08/08
    tennboy

    tennboy Inactive Thread Starter

    Joined:
    2008/12/05
    Messages:
    77
    Likes Received:
    0
    [Resolved] Computer Crashes, Browsers Redirect, suspected malware

    Hi

    Over the last few weeks my computer has become more and more unstable. It has begun to randomly just "shut down"; by that I mean that it literally goes to a black screen: no warning, no blue screen, just poof.

    I have also noticed that if I use a browser other than Firefox or IE and go to certain websites, my screen is redirected to another site.

    I have followed the steps for posting, although one of the times that seems to be a problem (the computer crashes) is when I do a full virus or malware scan.

    Thanks,
    John H

    If you have an antivirus program, make sure it's up to date. Run a full scan.

    Tried; it crashed after about 5 minutes.

    Download and run Malwarebytes Anti-Malware
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7409

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    8/8/2011 11:22:50
    mbam-log-2011-08-08 (11-22-50).txt

    Scan type: Quick scan
    Objects scanned: 189143
    Time elapsed: 12 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/08/08
    tennboy

    Computer Crashes, Browsers Redirect, Suspected Malware Part 2A (GMER)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-08 12:30:50
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HS10
    Running: qdx6mid6.exe; Driver: C:\Users\John\AppData\Local\Temp\pxldypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x91C0E640]

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8BA421E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8BA42212]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8BA421FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8BA421D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 8246B982 5 Bytes JMP 8BA421D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!KeSetEvent + 621 824ECDA4 4 Bytes [40, E6, C0, 91] {INC EAX; OUT 0xc0, AL; XCHG ECX, EAX}
    PAGE ntkrnlpa.exe!ZwTerminateProcess 826310D3 5 Bytes JMP 8BA42216 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8265082A 7 Bytes JMP 8BA421EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82650AED 5 Bytes JMP 8BA42202 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90808340, 0x3E9407, 0xE8000020]
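Reading the kernel-side entries above, as an added example that is not part of the post or of GMER: a small Python parser for the '---- System ----' and '---- Kernel code sections ----' lines. SAMPLE_LOG is a subset copied from the log above; the helper and field names are my own. It shows one thing the raw lines hide: the 4-byte change at ntkrnlpa.exe!KeSetEvent + 621 is [40, E6, C0, 91], which read as a little-endian 32-bit value is 0x91C0E640, exactly the address the SSDT line gives for the SASKUTIL.sys hook on ZwTerminateProcess. On a 32-bit kernel the system service table is data inside the kernel image, so an SSDT hook also appears to GMER as a modified run of bytes in ntkrnlpa.exe, and the disassembly in braces is just those pointer bytes read as instructions. The parser decodes that, attributes each 5-byte JMP patch to the driver named on its line, and expands the third value of the 'section is writeable' line, which is the PE section Characteristics field.

```python
"""Parse the '---- System ----' and '---- Kernel code sections ----' parts of a
GMER 1.0.15 log and correlate the entries with each other.

Added example for this thread; it is not part of GMER or of the original post.
SAMPLE_LOG is a subset copied from the log posted above; the dictionary field
names and the helper names are my own.
"""
import re
from typing import Dict, List, Optional

# Copied from the posted GMER output (subset), not constructed.
SAMPLE_LOG = r"""
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x91C0E640]
.text ntkrnlpa.exe!ZwYieldExecution 8246B982 5 Bytes JMP 8BA421D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetEvent + 621 824ECDA4 4 Bytes [40, E6, C0, 91] {INC EAX; OUT 0xc0, AL; XCHG ECX, EAX}
PAGE ntkrnlpa.exe!ZwTerminateProcess 826310D3 5 Bytes JMP 8BA42216 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90808340, 0x3E9407, 0xE8000020]
""".strip().splitlines()

SSDT_RE = re.compile(r'^SSDT\s+(?P<driver>.+?)\s+(?P<func>\w+)\s+\[0x(?P<target>[0-9A-Fa-f]+)\]\s*$')
PATCH_RE = re.compile(
    r'^(?P<section>\S+)\s+(?P<symbol>\S+?)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?'
    r'\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<count>\d+)\s+Bytes\s+(?P<rest>.*)$')
JMP_RE = re.compile(r'^JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<module>\S+)(?:\s+\((?P<desc>.*)\))?')
BYTES_RE = re.compile(r'^\[(?P<bytes>[0-9A-Fa-f ,]+)\]')
WRITABLE_RE = re.compile(
    r'^(?P<section>\S+)\s+(?P<module>\S+)\s+section is writeable\s+'
    r'\[0x(?P<base>[0-9A-Fa-f]+),\s*0x(?P<size>[0-9A-Fa-f]+),\s*0x(?P<chars>[0-9A-Fa-f]+)\]')

# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h); GMER's third value is that field.
SECTION_FLAGS = {
    0x00000020: "CNT_CODE",
    0x08000000: "MEM_NOT_PAGED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}


def parse_ssdt(line: str) -> Optional[Dict]:
    """SSDT <driver path> <service name> [0x<handler address>]"""
    m = SSDT_RE.match(line)
    if not m:
        return None
    return {"driver": m["driver"], "function": m["func"], "target": int(m["target"], 16)}


def parse_patch(line: str) -> Optional[Dict]:
    """<section> <symbol>[ + off] <addr> <n> Bytes JMP <target> <module> | [<bytes>] {...}"""
    m = PATCH_RE.match(line)
    if not m:
        return None
    entry = {
        "section": m["section"], "symbol": m["symbol"],
        "offset": int(m["offset"], 16) if m["offset"] else 0,
        "addr": int(m["addr"], 16), "count": int(m["count"]),
    }
    rest = m["rest"]
    j = JMP_RE.match(rest)
    b = BYTES_RE.match(rest)
    if j:
        entry.update(kind="jmp", target=int(j["target"], 16), module=j["module"], desc=j["desc"])
    elif b:
        entry.update(kind="bytes", data=bytes(int(x.strip(), 16) for x in b["bytes"].split(",")))
    else:
        entry.update(kind="unknown")
    return entry


def parse_writable_section(line: str) -> Optional[Dict]:
    m = WRITABLE_RE.match(line)
    if not m:
        return None
    chars = int(m["chars"], 16)
    return {"section": m["section"], "module": m["module"], "base": int(m["base"], 16),
            "size": int(m["size"], 16), "characteristics": chars,
            "flags": [name for bit, name in SECTION_FLAGS.items() if chars & bit]}


def decode_pointer(data: bytes) -> int:
    """GMER prints patched bytes in memory order; x86 stores pointers little-endian."""
    return int.from_bytes(data, "little")


def analyse(lines: List[str]) -> Dict:
    ssdt, patches, writable = [], [], []
    for raw in lines:
        line = raw.strip()
        for parser, bucket in ((parse_ssdt, ssdt), (parse_writable_section, writable), (parse_patch, patches)):
            entry = parser(line)
            if entry:
                bucket.append(entry)
                break
    findings = []
    for p in patches:
        if p["kind"] == "jmp":
            findings.append({"type": "inline_hook", "symbol": p["symbol"], "module": p["module"]})
        elif p["kind"] == "bytes" and len(p["data"]) == 4:
            ptr = decode_pointer(p["data"])
            hits = [s for s in ssdt if s["target"] == ptr]  # is this a rewritten SSDT slot?
            findings.append({"type": "ssdt_slot" if hits else "raw_patch", "symbol": p["symbol"],
                             "offset": p["offset"], "pointer": ptr, "ssdt": hits})
    return {"ssdt": ssdt, "findings": findings, "writable": writable}


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG)["findings"]:
        print(f)
```

The mfehidk.sys and SASKUTIL.sys attributions come from GMER's own module resolution; the parser only records them. What would need a closer look is a JMP whose target line names no module, or a raw byte patch that decodes to nothing in the SSDT list, and neither occurs in this part of the log.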
     

  4. 2011/08/08
    tennboy

    Computer crash, browser redirect, suspect malware Part 2B (GMER user code 1)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[204] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 01990FEF
    .text C:\Windows\system32\svchost.exe[204] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 01990FDE
    .text C:\Windows\system32\svchost.exe[204] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 01990014
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 01940F41
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 01940F5C
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 019400AC
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 01940F15
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 01940F92
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 01940FCA
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 01940025
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 01940087
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 01940FAF
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 01940047
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 0194006C
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 01940036
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 01940F77
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 019400D1
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 01940FE5
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 0194000A
    .text C:\Windows\system32\svchost.exe[204] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 01940F26
    .text C:\Windows\system32\svchost.exe[204] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 01930051
    .text C:\Windows\system32\svchost.exe[204] msvcrt.dll!system 773D804B 5 Bytes JMP 0193002C
    .text C:\Windows\system32\svchost.exe[204] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 01930000
    .text C:\Windows\system32\svchost.exe[204] msvcrt.dll!_open 773DD106 5 Bytes JMP 01930FE3
    .text C:\Windows\system32\svchost.exe[204] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 01930011
    .text C:\Windows\system32\svchost.exe[204] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 01930FD2
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 017E0F6F
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 017E0F9E
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 017E0000
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 017E001B
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 017E0F5E
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 017E0FCA
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 017E0FE5
    .text C:\Windows\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 017E0FB9
    .text C:\Windows\system32\svchost.exe[204] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 019A0FE5
    .text C:\Windows\system32\services.exe[816] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 001C000A
    .text C:\Windows\system32\services.exe[816] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 001C0FDE
    .text C:\Windows\system32\services.exe[816] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 001C0FEF
    .text C:\Windows\system32\services.exe[816] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 001B0F34
    .text C:\Windows\system32\services.exe[816] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 001B0084
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 001B0F08
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 001B009F
    .text C:\Windows\system32\services.exe[816] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 001B0062
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 001B0014
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 001B002F
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 001B0073
    .text C:\Windows\system32\services.exe[816] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 001B0F88
    .text C:\Windows\system32\services.exe[816] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 001B0051
    .text C:\Windows\system32\services.exe[816] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 001B0FAF
    .text C:\Windows\system32\services.exe[816] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 001B0040
    .text C:\Windows\system32\services.exe[816] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 001B0F63
    .text C:\Windows\system32\services.exe[816] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 001B0EED
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 001B0FDE
    .text C:\Windows\system32\services.exe[816] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 001B0FEF
    .text C:\Windows\system32\services.exe[816] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 001B0F23
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 001D004A
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 001D0FAF
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 001D0FEF
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 001D0F9E
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 001D0F8D
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 001D0014
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 001D0FDE
    .text C:\Windows\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 001D0025
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 001E0073
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!system 773D804B 5 Bytes JMP 001E0058
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 001E0FEF
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_open 773DD106 5 Bytes JMP 001E0000
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 001E0FDE
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 001E001D
    .text C:\Windows\system32\services.exe[816] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00350000
    .text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 000C0FEF
    .text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 000C0FC3
    .text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 000C0FDE
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 000B0F3E
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 000B0F4F
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 000B00B3
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 000B0F12
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 000B0069
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 000B0FD4
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 000B0FC3
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 000B0F60
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 000B0058
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 000B0036
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 000B0047
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 000B0025
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 000B007A
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 000B00C4
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 000B0FEF
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 000B000A
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 000B0F2D
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 000D0F72
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 000D0F9E
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 000D0FEF
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 000D0F83
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 000D0F57
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 000D0FC3
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 000D0FDE
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 000D0014
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 008A0FB2
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!system 773D804B 5 Bytes JMP 008A0033
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 008A0FD4
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_open 773DD106 5 Bytes JMP 008A0FEF
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 008A0FC3
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 008A0018
    .text C:\Windows\system32\lsass.exe[828] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 008D000A
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00780000
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 0078001B
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00780FEF
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 00770F4D
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 00770F5E
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 007700B5
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 007700A4
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 00770067
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 0077000A
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 0077001B
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00770089
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 0077004C
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 00770F94
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00770F83
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 00770FAF
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00770078
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 007700C6
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00770FDE
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00770FEF
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00770F28
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00C40042
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!system 773D804B 5 Bytes JMP 00C40031
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00C40FC8
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_open 773DD106 5 Bytes JMP 00C40000
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 00C40FB7
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 00C40FE3
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 0079005B
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 00790040
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 0079000A
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 00790FC3
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 0079006C
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 00790FE5
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 0079001B
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00790FD4
    .text C:\Windows\system32\svchost.exe[988] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00C50FEF
    .text C:\Windows\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 0015000A
    .text C:\Windows\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 00150FDB
    .text C:\Windows\system32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 0015001B
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 00100F5B
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 001000A1
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 001000D7
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 001000BC
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 00100F80
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 00100025
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 00100036
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00100090
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 00100064
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 00100FAF
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00100047
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 00100FC0
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00100075
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 00100F25
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 0010000A
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00100F40
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00740058
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!system 773D804B 5 Bytes JMP 00740047
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00740011
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_open 773DD106 5 Bytes JMP 00740FE3
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 0074002C
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 00740000
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 0016006F
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 0016002F
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 00160FEF
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 00160054
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 00160FB2
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 00160014
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 00160FDE
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00160FC3
    .text C:\Windows\system32\svchost.exe[1060] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00750FEF
    .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00220FEF
    .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 0022000A
    .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00220FD4
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 00210F4B
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 0021009B
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 002100BD
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 002100AC
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 0021005B
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 00210FC3
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 00210FB2
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00210F70
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 0021004A
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 0021002F
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00210F97
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 0021001E
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00210080
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 00210F01
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00210FD4
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00210FEF
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00210F3A
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00240F97
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!system 773D804B 5 Bytes JMP 00240FA8
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_creat 773DBBE1
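Every process in the user-code section carries the same 5-byte JMP inline hooks on the same ntdll, kernel32, msvcrt, ADVAPI32 and WS2_32 exports. As an added example, not part of the post or of GMER, a Python script that groups these lines by process and summarises them; SAMPLE_USER_HOOKS is a subset copied from the log above, and the function and field names are my own. It reports whether every process has an identical hooked-API set, whether each API is patched at the same address in every process (system DLLs share one load address per boot, so a mismatch would be odd), and which 4 KiB page the hooks of each DLL jump to, which in this log is one private page per hooked DLL in each process.

```python
"""Group the '---- User code sections ----' lines of a GMER 1.0.15 log by
process and summarise what is hooked where.

Added example for this thread; not part of GMER or of the original post.
SAMPLE_USER_HOOKS is a subset copied from the log above; names are my own.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Copied from the posted GMER output (subset), not constructed.
SAMPLE_USER_HOOKS = r"""
.text C:\Windows\system32\svchost.exe[204] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 01990FEF
.text C:\Windows\system32\svchost.exe[204] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 01990FDE
.text C:\Windows\system32\svchost.exe[204] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 019400AC
.text C:\Windows\system32\svchost.exe[204] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 01940036
.text C:\Windows\system32\svchost.exe[204] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 019A0FE5
.text C:\Windows\system32\services.exe[816] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 001C000A
.text C:\Windows\system32\services.exe[816] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\services.exe[816] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 001B0F08
.text C:\Windows\system32\services.exe[816] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 001B0040
.text C:\Windows\system32\services.exe[816] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00350000
.text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 000C0FC3
.text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 000B00B3
.text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 000B0025
.text C:\Windows\system32\lsass.exe[828] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 008D000A
""".strip().splitlines()

PAGE_SIZE = 0x1000  # x86 page size; JMP targets are bucketed by 4 KiB page

# <section> <image>[<pid>] <dll>!<api> <addr> <n> Bytes JMP <target>
HOOK_RE = re.compile(
    r'^(?P<section>\S+)\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+'
    r'(?P<dll>[^!\s]+)!(?P<api>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})\s+'
    r'(?P<count>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s*$')

ProcKey = Tuple[str, int]  # (image path, pid)


def parse_user_hook(line: str) -> Optional[Dict]:
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return {"image": m["image"], "pid": int(m["pid"]), "dll": m["dll"], "api": m["api"],
            "addr": int(m["addr"], 16), "count": int(m["count"]), "target": int(m["target"], 16)}


def parse_user_hooks(lines: List[str]) -> List[Dict]:
    return [h for h in map(parse_user_hook, lines) if h]


def hooks_by_process(hooks: List[Dict]) -> Dict[ProcKey, List[Dict]]:
    groups: Dict[ProcKey, List[Dict]] = defaultdict(list)
    for h in hooks:
        groups[(h["image"], h["pid"])].append(h)
    return dict(groups)


def report(lines: List[str]) -> Dict:
    hooks = parse_user_hooks(lines)
    groups = hooks_by_process(hooks)
    api_sets = {k: {f'{h["dll"]}!{h["api"]}' for h in v} for k, v in groups.items()}
    common = set.intersection(*api_sets.values()) if api_sets else set()
    # The same export should sit at the same address in every process: system DLLs
    # get one base per boot, so differing patch addresses for one API would be unusual.
    addr_by_api: Dict[str, set] = defaultdict(set)
    for h in hooks:
        addr_by_api[f'{h["dll"]}!{h["api"]}'].add(h["addr"])
    # Which page(s) each DLL's hooks jump to, per process: the trampoline location.
    pages: Dict[ProcKey, Dict[str, set]] = {k: defaultdict(set) for k in groups}
    for k, v in groups.items():
        for h in v:
            pages[k][h["dll"]].add(h["target"] & ~(PAGE_SIZE - 1))
    return {
        "process_count": len(groups),
        "common_apis": common,
        "identical_api_sets": len({frozenset(s) for s in api_sets.values()}) == 1,
        "addresses_consistent": all(len(a) == 1 for a in addr_by_api.values()),
        "pages": {k: dict(v) for k, v in pages.items()},
    }


if __name__ == "__main__":
    r = report(SAMPLE_USER_HOOKS)
    print(r["process_count"], "processes; identical API sets:", r["identical_api_sets"])
    for proc, by_dll in r["pages"].items():
        print(proc, {dll: [hex(p) for p in sorted(ps)] for dll, ps in by_dll.items()})
```

The output tells you there is one hooking agent applied uniformly to every listed process, but not what it is: GMER does not say which module owns the target pages (0x01990000 and so on). That is the next thing to establish, for example from a module or memory-map listing of one of the hooked processes, before deciding whether these are a security product's user-mode hooks or an injected payload.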
     
  5. 2011/08/08
    tennboy

    Comp Crash, Browser Redirect, suspect malware Part 2C (GMER user code 2)

    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_open 773DD106 5 Bytes JMP 001E0000
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 001E0FDE
    .text C:\Windows\system32\services.exe[816] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 001E001D
    .text C:\Windows\system32\services.exe[816] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00350000
    .text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 000C0FEF
    .text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 000C0FC3
    .text C:\Windows\system32\lsass.exe[828] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 000C0FDE
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 000B0F3E
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 000B0F4F
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 000B00B3
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 000B0F12
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 000B0069
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 000B0FD4
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 000B0FC3
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 000B0F60
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 000B0058
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 000B0036
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 000B0047
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 000B0025
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 000B007A
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 000B00C4
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 000B0FEF
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 000B000A
    .text C:\Windows\system32\lsass.exe[828] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 000B0F2D
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 000D0F72
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 000D0F9E
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 000D0FEF
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 000D0F83
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 000D0F57
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 000D0FC3
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 000D0FDE
    .text C:\Windows\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 000D0014
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 008A0FB2
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!system 773D804B 5 Bytes JMP 008A0033
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 008A0FD4
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_open 773DD106 5 Bytes JMP 008A0FEF
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 008A0FC3
    .text C:\Windows\system32\lsass.exe[828] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 008A0018
    .text C:\Windows\system32\lsass.exe[828] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 008D000A
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00780000
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 0078001B
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00780FEF
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 00770F4D
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 00770F5E
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 007700B5
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 007700A4
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 00770067
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 0077000A
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 0077001B
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00770089
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 0077004C
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 00770F94
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00770F83
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 00770FAF
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00770078
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 007700C6
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00770FDE
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00770FEF
    .text C:\Windows\system32\svchost.exe[988] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00770F28
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00C40042
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!system 773D804B 5 Bytes JMP 00C40031
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00C40FC8
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_open 773DD106 5 Bytes JMP 00C40000
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 00C40FB7
    .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 00C40FE3
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 0079005B
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 00790040
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 0079000A
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 00790FC3
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 0079006C
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 00790FE5
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 0079001B
    .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00790FD4
    .text C:\Windows\system32\svchost.exe[988] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00C50FEF
    .text C:\Windows\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 0015000A
    .text C:\Windows\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 00150FDB
    .text C:\Windows\system32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 0015001B
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 00100F5B
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 001000A1
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 001000D7
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 001000BC
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 00100F80
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 00100025
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 00100036
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00100090
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 00100064
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 00100FAF
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00100047
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 00100FC0
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00100075
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 00100F25
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 0010000A
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\svchost.exe[1060] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00100F40
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00740058
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!system 773D804B 5 Bytes JMP 00740047
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00740011
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_open 773DD106 5 Bytes JMP 00740FE3
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 0074002C
    .text C:\Windows\system32\svchost.exe[1060] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 00740000
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 0016006F
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 0016002F
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 00160FEF
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 00160054
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 00160FB2
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 00160014
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 00160FDE
    .text C:\Windows\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00160FC3
    .text C:\Windows\system32\svchost.exe[1060] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00750FEF
    .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00220FEF
    .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 0022000A
    .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00220FD4
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 00210F4B
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 0021009B
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 002100BD
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 002100AC
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 0021005B
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 00210FC3
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 00210FB2
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00210F70
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 0021004A
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 0021002F
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00210F97
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 0021001E
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00210080
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 00210F01
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00210FD4
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00210FEF
    .text C:\Windows\System32\svchost.exe[1152] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00210F3A
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00240F97
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!system 773D804B 5 Bytes JMP 00240FA8
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00240FCD
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_open 773DD106 5 Bytes JMP 00240FEF
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 00240018
    .text C:\Windows\System32\svchost.exe[1152] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 00240FDE
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 00230065
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 0023002F
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 00230FEF
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 0023004A
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 00230076
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 00230FD4
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 0023000A
    .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00230FC3
    .text C:\Windows\System32\svchost.exe[1152] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00D80FEF
    .text C:\Windows\System32\svchost.exe[1180] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00610000
    .text C:\Windows\System32\svchost.exe[1180] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 0061002C
    .text C:\Windows\System32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00610011
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 005C0F5E
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 005C00A4
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 005C00C6
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 005C0F2F
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 005C0067
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 005C0FD4
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 005C0FB9
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 005C0093
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 005C004A
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 005C0FA8
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 005C0F8D
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 005C0025
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 005C0078
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 005C0F1E
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 005C0FEF
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 005C000A
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 005C00B5
    .text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 0068002E
    .text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!system 773D804B 5 Bytes JMP 00680FAD
    .text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 0068001D
    .text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_open 773DD106 5 Bytes JMP 00680FEF
    .text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 00680FC8
    .text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 0068000C
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 00660FB6
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 00660047
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 00660FEF
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 00660062
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 00660F9B
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 0066001B
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 00660000
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00660036
    .text C:\Windows\System32\svchost.exe[1180] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00690000
    .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 01390FEF
    .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 01390FCD
    .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 01390FDE
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 013800B2
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 013800A1
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 01380F36
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 013800D7
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 01380F80
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 01380FCA
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 0138001B
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 01380090
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 01380F91
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 0138003D
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 0138004E
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 0138002C
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 01380075
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 01380F25
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 01380000
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 01380FEF
    .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 01380F5B
    .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 01DF0FC1
    .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!system 773D804B 5 Bytes JMP 01DF0FD2
    .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 01DF0027
    .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_open 773DD106 5 Bytes JMP 01DF0FEF
    .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 01DF0042
    .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 01DF000C
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 770C39AB 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 01DA0FAF
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 01DA0047
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 01DA0000
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 01DA0FC0
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 01DA0076
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 01DA0FEF
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 01DA0025
    .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 01DA0036
    .text C:\Windows\system32\svchost.exe[1192] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 01E90FEF
    .text C:\Windows\system32\svchost.exe[1192] WININET.dll!InternetOpenA 77714E2B 5 Bytes JMP 01F40FEF
    .text C:\Windows\system32\svchost.exe[1192] WININET.dll!InternetOpenUrlA 7771BFCE 5 Bytes JMP 01F40FC3
    .text C:\Windows\system32\svchost.exe[1192] WININET.dll!InternetOpenW 7774C03E 5 Bytes JMP 01F40FD4
    .text C:\Windows\system32\svchost.exe[1192] WININET.dll!InternetOpenUrlW 7777D722 5 Bytes JMP 01F40FB2
    .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00140000
    .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 00140040
    .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 0014001B
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 001300AE
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 00130093
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 00130F43
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 001300DA
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 00130F7C
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 00130FB9
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 0013000A
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00130082
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 0013004A
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 00130F9E
     
  6. 2011/08/08
    tennboy

    Comp Crash, Browser Redirect, suspect malware Part2d (gmer User Code 3)

    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00130F8D
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 00130025
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00130071
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 001300F5
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00130FCA
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 00130FEF
    .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 001300C9
    .text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 00160F9C
    .text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!system 773D804B 5 Bytes JMP 00160FAD
    .text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00160FE3
    .text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_open 773DD106 5 Bytes JMP 0016000C
    .text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 00160FC8
    .text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 0016001D
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 0015004A
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 00150FA8
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 00150FEF
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 0015002F
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 00150F8D
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 00150FC3
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 00150FDE
    .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 0015000A
    .text C:\Windows\system32\svchost.exe[1336] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00170FEF
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00DB000A
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 00DB0025
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00DB0FEF
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 009D0084
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 009D0073
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 009D0F12
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 009D00A9
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 009D0F7E
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 009D0FDB
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 009D0FCA
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 009D0F48
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 009D0F9B
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 009D0047
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 009D0058
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 009D0036
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 009D0F63
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 009D0F01
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 009D0011
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 009D0000
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 009D0F23
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 01000042
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!system 773D804B 5 Bytes JMP 01000FAD
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 01000FD2
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_open 773DD106 5 Bytes JMP 01000FE3
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 01000027
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 0100000C
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 001C0014
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 001C0F83
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 001C0FE5
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 001C0F72
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 001C0F4D
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 001C0FC3
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 001C0FD4
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 001C0F9E
    .text C:\Windows\system32\svchost.exe[1400] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 01060FEF
    .text C:\Windows\system32\svchost.exe[1400] WININET.dll!InternetOpenA 77714E2B 5 Bytes JMP 01050FEF
    .text C:\Windows\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlA 7771BFCE 5 Bytes JMP 01050FC3
    .text C:\Windows\system32\svchost.exe[1400] WININET.dll!InternetOpenW 7774C03E 5 Bytes JMP 01050FDE
    .text C:\Windows\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlW 7777D722 5 Bytes JMP 01050FB2
    .text C:\Windows\system32\svchost.exe[1544] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 005B0000
    .text C:\Windows\system32\svchost.exe[1544] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 005B0FCA
    .text C:\Windows\system32\svchost.exe[1544] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 005B0FDB
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 005A0F46
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 005A008C
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 005A0F1A
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 005A00B1
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 005A0F7C
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 005A0025
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 005A0036
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 005A0071
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 005A0F8D
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 005A0FB9
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 005A0F9E
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 005A0FCA
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 005A0F61
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 005A0F09
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 005A000A
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 005A0FEF
    .text C:\Windows\system32\svchost.exe[1544] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 005A0F35
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 005D0031
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!system 773D804B 5 Bytes JMP 005D0FB0
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 005D0FC1
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_open 773DD106 5 Bytes JMP 005D0FEF
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 005D0016
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 005D0FD2
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 00590FC0
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 770C3BA9 5 Bytes JMP 00590058
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 770C89C7 5 Bytes JMP 00590000
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 770D391E 5 Bytes JMP 00590FD1
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 770D41F1 5 Bytes JMP 00590FAF
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 770D7C42 5 Bytes JMP 0059002C
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 770DE2B5 5 Bytes JMP 00590011
    .text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 770E7BA1 5 Bytes JMP 00590047
    .text C:\Windows\system32\svchost.exe[1544] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 005E0000
    .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateFile 77A34224 5 Bytes JMP 00640000
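Reading the GMER "user code" lines above: each one records a 5-byte patch written over the first instructions of an exported API inside a given process (the `[pid]`), and the `JMP` target is the address the patched function now diverts to. The set of APIs hooked in every svchost.exe here is the same: process creation (NtCreateProcess, CreateProcess*, WinExec, system), file creation, library loading and GetProcAddress, memory protection changes, the Reg* key functions, socket and the WinINet InternetOpen* calls. The targets cluster into one 64 KB region per hooked DLL per process (for PID 988: 0x00770000 for kernel32, 0x00C40000 for msvcrt, 0x00790000 for ADVAPI32, 0x00C50000 for WS2_32), which is how a trampoline block allocated by an injected component looks. Both host intrusion prevention products and user-mode malware install hooks of exactly this shape, and the lines do not name the module that owns the target region, so the log alone does not settle which it is; the next check is what module, if any, is mapped at those target addresses. The "1 Byte [E9]" entry for RegCreateKeyExA in PID 1192 is not a second hook: E9 is the opcode of a rel32 JMP, so it is the first byte of the same 5-byte patch reported on the following line.

The script below is an added example, not part of the original post or of GMER: it parses lines in this format, groups the hooks per process by API family and trampoline region, and flags the duplicate entries. The family classification (`FAMILIES`, `family_of`) and the sample lines (copied from the log above) are this example's own.

```python
"""Triage GMER user-mode hook lines: per-process API families hooked and the
64 KB regions the inline JMPs land in. Added example; not GMER's own code."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample lines, constructed for this example from the log above.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00770FDE
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00770F28
.text C:\Windows\system32\svchost.exe[988] WS2_32.dll!socket 77BB36D1 5 Bytes JMP 00C50FEF
.text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 770C39AB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 770C39AB 5 Bytes JMP 01DA0FAF
.text C:\Windows\system32\svchost.exe[1192] WININET.dll!InternetOpenA 77714E2B 5 Bytes JMP 01F40FEF
"""

# .text <image>[<pid>] <module>!<func> <addr> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)$")

# API families (this example's own grouping, not GMER's).
FAMILIES = {
    "process": ("NtCreateProcess", "CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem"),
    "file": ("NtCreateFile", "CreateFileA", "CreateFileW", "_open", "_wopen", "_creat", "_wcreat"),
    "memory": ("NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"),
    "loader": ("LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"),
    "ipc": ("CreatePipe", "CreateNamedPipeA", "CreateNamedPipeW"),
    "network": ("socket", "InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW"),
}


@dataclass(frozen=True)
class Hook:
    image: str
    pid: int
    module: str
    func: str
    addr: int
    size: int
    target: Optional[int]  # None for partial entries such as "1 Byte [E9]"
    patch: str


def parse_hooks(text: str) -> list:
    """Parse every GMER hook line in text; lines in another format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        j = JMP_RE.match(m["patch"])
        hooks.append(Hook(m["image"], int(m["pid"]), m["module"], m["func"],
                          int(m["addr"], 16), int(m["size"]),
                          int(j["target"], 16) if j else None, m["patch"]))
    return hooks


def family_of(func: str) -> str:
    if func.startswith("Reg"):
        return "registry"
    for fam, names in FAMILIES.items():
        if func in names:
            return fam
    return "other"


def summarize(hooks: list) -> dict:
    """Per PID: hook count, hooked API families, and the 64 KB regions the
    JMP targets fall in (one region per hooked DLL means one trampoline block
    per module, the pattern visible in the log above)."""
    out = defaultdict(lambda: {"count": 0, "families": set(), "regions": set()})
    for h in hooks:
        s = out[h.pid]
        s["count"] += 1
        s["families"].add(family_of(h.func))
        if h.target is not None:
            s["regions"].add(h.target & ~0xFFFF)
    return dict(out)


def duplicate_entries(hooks: list) -> list:
    """Groups of entries for the same (pid, module, func). The '1 Byte [E9]'
    line is the first byte (JMP rel32 opcode) of the 5-byte patch reported
    on the next line, not an additional hook."""
    seen = defaultdict(list)
    for h in hooks:
        seen[(h.pid, h.module, h.func)].append(h)
    return [v for v in seen.values() if len(v) > 1]


if __name__ == "__main__":
    for pid, s in sorted(summarize(parse_hooks(SAMPLE_LOG)).items()):
        regions = ", ".join(f"{r:08X}" for r in sorted(s["regions"]))
        print(f"pid {pid}: {s['count']} hooks, families={sorted(s['families'])}, regions={regions}")
```

Run it over the full GMER output rather than the sample to get one line per process; the useful comparison is then whether every process shows the same families and whether any target region is backed by a named module, which needs a process memory map that this log does not contain.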
     
  7. 2011/08/08
    tennboy

    Comp Crash, Browser Redirect, suspect malware Part2e (gmer User Code 4)

    .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcess 77A342E4 5 Bytes JMP 00640036
    .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 00640011
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!GetStartupInfoW 77611929 5 Bytes JMP 006300BF
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!GetStartupInfoA 776119C9 5 Bytes JMP 006300AE
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreateProcessW 77611BF3 5 Bytes JMP 00630F28
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreateProcessA 77611C28 5 Bytes JMP 00630F4D
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!VirtualProtect 77611DC3 5 Bytes JMP 00630078
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreateNamedPipeA 77612EF5 5 Bytes JMP 00630FEF
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreateNamedPipeW 77615C0C 5 Bytes JMP 00630040
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreatePipe 77638E6E 5 Bytes JMP 00630F83
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!LoadLibraryExW 77639109 5 Bytes JMP 00630067
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!LoadLibraryW 77639362 5 Bytes JMP 00630FC3
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!LoadLibraryExA 776394B4 5 Bytes JMP 00630FA8
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!LoadLibraryA 776394DC 5 Bytes JMP 00630FD4
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!VirtualProtectEx 7763DBDA 5 Bytes JMP 00630093
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!GetProcAddress 7765903B 5 Bytes JMP 00630F17
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreateFileW 7765AECB 5 Bytes JMP 00630025
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!CreateFileA 7765CE5F 5 Bytes JMP 0063000A
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!WinExec 776A5CF7 5 Bytes JMP 00630F5E
    .text C:\Windows\system32\svchost.exe[2296] msvcrt.dll!_wsystem 773D7F2F 5 Bytes JMP 0062004C
    .text C:\Windows\system32\svchost.exe[2296] msvcrt.dll!system 773D804B 5 Bytes JMP 00620FC1
    .text C:\Windows\system32\svchost.exe[2296] msvcrt.dll!_creat 773DBBE1 5 Bytes JMP 00620FD2
    .text C:\Windows\system32\svchost.exe[2296] msvcrt.dll!_open 773DD106 5 Bytes JMP 0062000C
    .text C:\Windows\system32\svchost.exe[2296] msvcrt.dll!_wcreat 773DD326 5 Bytes JMP 00620027
    .text C:\Windows\system32\svchost.exe[2296] msvcrt.dll!_wopen 773DD501 5 Bytes JMP 00620FE3
  8. 2011/08/08
    tennboy
    Comp Crash, Browser Redirect, suspect malware Part2f (gmer User Code 5)

  9. 2011/08/08
    tennboy

    Computer Crashes, Browsers Redirect, suspected malware Part 2 (gmer final)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2604] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [01067740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [010677A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74F47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74F9A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74F4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74F3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74F475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74F3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74F78395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74F4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74F3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74F3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74F371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74FCCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74F6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74F3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74F36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74F3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74F42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000008e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\BTHUSB \Device\00000090 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e2b29c
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e2b29c (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group0 S-1-5-21-3553960332-1338208111-840184596-513
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group1 S-1-1-0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group2 S-1-5-32-544
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group3 S-1-5-32-545
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group4 S-1-5-4
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group5 S-1-5-11
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group6 S-1-5-15
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group7 S-1-2-0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group8 S-1-5-64-10
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Group9 S-1-16-12288
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-3553960332-1338208111-840184596-1000\GroupMembership@Count 10

    ---- EOF - GMER 1.0.15 ----
     
  10. 2011/08/08
    tennboy

    Computer Crashes, Browsers Redirect, suspected malware Part 4 (mbr)

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-08 12:36:28
    -----------------------------
    12:36:28.277 OS Version: Windows 6.0.6002 Service Pack 2
    12:36:28.277 Number of processors: 2 586 0xF0D
    12:36:28.278 ComputerName: JOHN-PC UserName: John
    12:36:32.047 Initialize success
    12:38:44.432 AVAST engine defs: 11080800
    12:39:00.407 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    12:39:00.410 Disk 0 Vendor: SAMSUNG_ HS10 Size: 238475MB BusType: 3
    12:39:00.749 Disk 0 MBR read successfully
    12:39:00.752 Disk 0 MBR scan
    12:39:00.757 Disk 0 Windows VISTA default MBR code
    12:39:00.867 Disk 0 scanning sectors +488394752
    12:39:01.486 Disk 0 scanning C:\Windows\system32\drivers
    12:40:46.220 Service scanning
    12:40:47.713 Modules scanning
    12:43:14.428 Disk 0 trace - called modules:
    12:43:14.482 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    12:43:14.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dda488]
    12:43:14.492 3 CLASSPNP.SYS[8bdac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85ca8030]
    12:43:15.699 AVAST engine scan C:\Windows
    12:44:59.916 AVAST engine scan C:\Windows\system32
    12:49:54.119 AVAST engine scan C:\Windows\system32\drivers
    12:50:12.786 AVAST engine scan C:\Users\John
    14:01:29.405 AVAST engine scan C:\ProgramData
    14:23:15.137 Scan finished successfully
    14:26:49.646 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat "
    14:26:49.654 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR_08082011.txt "
     
  11. 2011/08/08
    tennboy

    Computer Crashes, Browsers Redirect, suspected malware Part 5 (dds)

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by John at 14:27:17 on 2011-08-08
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1467 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TiVo\Desktop\TranscodingService.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Users\John\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110516083258.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
    uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Octoshape Streaming Services] "c:\users\john\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{4A22BB0F-E831-4B8C-9F38-B9B2607EA9E4} : DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{B8E8A66F-0318-43B8-BABB-0EDEF7E92346} : NameServer = 130.35.249.41,138.2.202.15,144.20.190.70
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\f8d92jq0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\john\appdata\roaming\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\f8d92jq0.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
    FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npoctoshape.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-31 64288]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-26 387480]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-6 28544]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-31 64584]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-31 165032]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-7-28 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-5 123264]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-26 73728]
    R2 Array_Utility_Service8.4.0.264;Array Utility Service 8,4,0,264;c:\program files\array networks\common\8,4,0,264\arr_isrv.exe [2010-8-26 398768]
    R2 ArraySSL_VPN_Service8.4.0.264;Array SSL VPN Service 8,4,0,264;c:\program files\array networks\array ssl vpn\8,4,0,264\arr_srvs.exe [2010-8-26 239024]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-31 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-31 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-31 141792]
    R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-7-12 196912]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-4 809296]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-31 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-26 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-26 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-31 314088]
    S2 gupdate1ca062dcd6fd1a6;Google Update Service (gupdate1ca062dcd6fd1a6);c:\program files\google\update\GoogleUpdate.exe [2009-7-16 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]
    S3 ATP;Array Networks SSL VPN Driver;c:\windows\system32\drivers\atpdrvr.sys [2010-8-26 16256]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-26 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-16 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-31 84488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-26 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-26 40552]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 12872]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-7-26 209408]
    .
    =============== Created Last 30 ================
    .
    2011-08-04 12:38:28 -------- d-----w- c:\programdata\!SASCORE
    2011-07-31 23:30:11 -------- d-----w- c:\program files\iPod
    2011-07-31 23:30:09 -------- d-----w- c:\program files\iTunes
    2011-07-31 23:23:33 -------- d-----w- c:\program files\Bonjour
    2011-07-27 12:31:40 -------- d-----w- c:\users\john\appdata\local\Thunderbird
    2011-07-14 11:47:35 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-07-14 11:47:35 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-07-13 07:07:04 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
    2011-07-13 07:07:04 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2011-07-13 07:07:00 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 07:06:55 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-13 07:06:55 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    ==================== Find3M ====================
    .
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-28 16:18:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-25 12:03:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 14:33:17.02 ===============
     
  12. 2011/08/08
    tennboy Inactive Thread Starter

    Computer Crashes, Browsers Redirect, suspected malware Part 6 (attach)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 7/26/2008 11:02:40
    System Uptime: 8/8/2011 10:36:54 (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0D500F
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 57.915 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2.612 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Array Networks SSL VPN Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: Array Networks
    Name: Array Networks SSL VPN Adapter
    PNP Device ID: ROOT\NET\0001
    Service: ATP
    .
    ==== System Restore Points ===================
    .
    RP550: 7/13/2011 09:17:00 - Windows Update
    RP551: 8/4/2011 18:16:10 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Premiere Elements 4.0
    Adobe Premiere Elements 4.0 Templates
    Adobe Reader 9.4.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Array Networks SSL VPN Client 8,4,0,264 (Array Networks)
    Ask Toolbar
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    BufferChm
    C6300
    C6300_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    CCScore
    Cisco Connect
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cisco Systems VPN Client 5.0.04.0300
    Cisco VPN Client 5.0.04.0300
    Coupon Printer for Windows
    CustomerResearchQFolder
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digsby
    DocProc
    DocProcQFolder
    Driver Detective
    EDocs
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    Family Tree Maker 2009
    Fingerprint Reader Suite 5.6
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    GPBaseService
    GPBaseService2
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 11.0
    HP Imaging Device Functions 11.0
    HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    InfraRecorder
    Intel(R) Matrix Storage Manager
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java DB 10.6.2.1
    Java(TM) 6 Update 26
    Java(TM) SE Development Kit 6 Update 24
    Kodak EasyShare software
    KODAK Share Button App
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    McAfee Security Scan Plus
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox 5.0 (x86 en-US)
    Mozilla Thunderbird (5.0)
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    Network
    Nitro PDF Reader
    NVIDIA Drivers
    NX Client for Windows 3.4.0-7
    OCR Software by I.R.I.S. 11.0
    Octoshape Streaming Services
    OfotoXMI
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    Panda ActiveScan 2.0
    PanoStandAlone
    PrimoPDF -- brought to you by Nitro PDF Software
    PrintKey2000
    PS_AIO_04_C6300_ProductContext
    PS_AIO_04_C6300_Software
    PS_AIO_04_C6300_Software_Min
    PSSWCORE
    QuickSet
    QuickTime
    QuickWordtoPDF
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SFR
    SHASTA
    Shop for HP Supplies
    Simpo PDF Merge & Split 2.0.0.5
    skin0001
    SKINXSDK
    Skype Toolbars
    Skype™ 5.3
    SmartWebPrinting
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    staticcr
    Status
    SUPERAntiSpyware Free Edition
    The Cleaner 2010
    TiVo Desktop 2.7
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WebEx
    WebReg
    WIDCOMM Bluetooth Software 6.0.1.3100
    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinZip 14.0
    WIRELESS
    .
    ==== End Of File ===========================
     
  13. 2011/08/08
    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and McAfee.
    One of them has to go.
    I suggest Lavasoft goes.

    Uninstall Ask Toolbar, typical foistware.

    =================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
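The check broni did by eye on the DDS log above (two anti-virus products armed at once), as an added example for this thread rather than code from the forum or from the DDS/ComboFix authors: a parser for the service lines in the shape those logs use, reporting when more than one AV vendor has boot-, system- or auto-start components. The vendor keyword table and the sample lines are constructed for the example.

```python
"""Flag overlapping real-time anti-virus products in a DDS / ComboFix
service listing.

Added example for this thread, not a tool from the forum or from the
DDS/ComboFix authors.  Assumed line shape, taken from the logs above:
    <state> <name>;<display name>;<image path> [<date> <size>]
where <state> is R (running) or S (stopped) followed by the start type:
0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$"
)

# Vendor keyword -> product label (constructed for this example).  Keywords
# are matched against service name, display name and image path together,
# because a kernel driver such as mfewfpk.sys lives under system32 and only
# its display name ("McAfee Inc. mfewfpk") reveals the vendor.
AV_VENDORS = {
    "mcafee": "McAfee",
    "lavasoft": "Lavasoft Ad-Aware",
    "superantispyware": "SUPERAntiSpyware",
}

# Constructed sample in the shape of the DDS log quoted in this thread.
SAMPLE_LINES = [
    r"R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-31 171168]",
    r"R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-31 188136]",
    r"S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]",
    r"S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]",
    r"S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 12872]",
    r"R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]",
    "=============== Created Last 30 ================",  # section header, skipped
]


@dataclass
class ServiceEntry:
    running: bool
    start: int      # 0 boot .. 4 disabled
    name: str
    display: str
    path: str
    size: int


def parse_services(lines):
    """Return a ServiceEntry for every line that matches the DDS shape;
    headers and file listings are silently skipped."""
    entries = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m is None:
            continue
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start=int(m["start"]),
            name=m["name"],
            display=m["display"],
            path=m["path"],
            size=int(m["size"]),
        ))
    return entries


def armed_components(entries, max_start=2):
    """Group components by AV product, keeping only those that start on
    their own (boot/system/auto).  A manual-start driver such as SASENUM
    does not put a second real-time scanner into the kernel, so it is
    not counted."""
    found = {}
    for e in entries:
        if e.start > max_start:
            continue
        haystack = f"{e.name} {e.display} {e.path}".lower()
        for key, product in AV_VENDORS.items():
            if key in haystack:
                found.setdefault(product, []).append(e.name)
    return found


def overlapping_av(lines):
    """Sorted product names when more than one AV is armed, else []."""
    found = armed_components(parse_services(lines))
    return sorted(found) if len(found) > 1 else []


if __name__ == "__main__":
    clash = overlapping_av(SAMPLE_LINES)
    if clash:
        print("more than one real-time AV armed:", ", ".join(clash))
    for product, names in armed_components(parse_services(SAMPLE_LINES)).items():
        print(f"  {product}: {', '.join(names)}")
```

Feed it the R/S lines of a real DDS or ComboFix log (one line per list element) to reproduce the triage; anything that is not a service line is ignored.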
  14. 2011/08/08
    tennboy Inactive Thread Starter

    Combofix log file....

    ComboFix 11-08-08.03 - John 08/08/2011 22:10:37.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2164 [GMT -4:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-09 02:27 . 2011-08-09 02:27 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-08-09 02:27 . 2011-08-09 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-04 12:38 . 2011-08-04 12:38 -------- d-----w- c:\programdata\!SASCORE
    2011-07-31 23:30 . 2011-07-31 23:30 -------- d-----w- c:\program files\iPod
    2011-07-31 23:30 . 2011-07-31 23:31 -------- d-----w- c:\program files\iTunes
    2011-07-31 23:23 . 2011-07-31 23:23 -------- d-----w- c:\program files\Bonjour
    2011-07-27 12:31 . 2011-07-27 12:32 -------- d-----w- c:\users\John\AppData\Roaming\Thunderbird
    2011-07-27 12:31 . 2011-07-27 12:32 -------- d-----w- c:\users\John\AppData\Local\Thunderbird
    2011-07-27 12:31 . 2011-07-27 12:31 -------- d-----w- c:\program files\Mozilla Thunderbird
    2011-07-14 11:47 . 2011-07-14 11:47 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-07-14 11:47 . 2011-07-14 11:47 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-07-13 07:07 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
    2011-07-13 07:07 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2011-07-13 07:07 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 07:06 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-13 07:06 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 23:52 . 2009-08-25 03:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2009-08-25 03:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-28 16:18 . 2010-07-31 16:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-25 12:03 . 2011-05-16 12:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-14 11:47 . 2011-05-07 17:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-07-07 02:17 . 2009-12-05 12:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2011-04-14 18:01 . 2010-07-31 19:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-26 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "TranscodingService"="c:\program files\TiVo\Desktop\TranscodingService.exe" [2009-01-27 520192]
    "TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-01-27 425472]
    "TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-01-27 2143232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-04 4599680]
    "Octoshape Streaming Services"="c:\users\John\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-17 274608]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-4-18 869376]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 01:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-07-26 20:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digsby.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
    backup=c:\windows\pss\Digsby.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-01-17 23:55 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "tcactive"=c:\program files\The Cleaner\tcap.exe
    .
    R2 gupdate1ca062dcd6fd1a6;Google Update Service (gupdate1ca062dcd6fd1a6);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 133104]
    R3 ATP;Array Networks SSL VPN Driver;c:\windows\system32\DRIVERS\atpdrvr.sys [2009-09-04 16256]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-07 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 133104]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-23 12872]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-04 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2011-08-04 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-04 123264]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    S2 Array_Utility_Service8.4.0.264;Array Utility Service 8,4,0,264;c:\program files\Array Networks\Common\8,4,0,264\arr_isrv.exe [2010-03-10 398768]
    S2 ArraySSL_VPN_Service8.4.0.264;Array SSL VPN Service 8,4,0,264;c:\program files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [2010-03-10 239024]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-07-12 196912]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 15:55]
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 15:55]
    .
    2011-04-26 c:\windows\Tasks\User_Feed_Synchronization-{7989DFA2-DFCC-4DE9-A41A-6CC12FCF8C13}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-26 15:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{B8E8A66F-0318-43B8-BABB-0EDEF7E92346}: NameServer = 130.35.249.41,138.2.202.15,144.20.190.70
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f8d92jq0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Array SSL VPN8,4,0,264 - c:\program files\Array Networks\Common\8
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3448)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\msxml4.dll
    c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Kodak\KODAK Share Button App\Listener.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\program files\Common Files\McAfee\Core\mchost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-08 22:46:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-09 02:45
    .
    Pre-Run: 62,960,205,824 bytes free
    Post-Run: 62,727,204,864 bytes free
    .
    - - End Of File - - 229D80C18DE673FE55F5A53A1529723C
     
  15. 2011/08/08
    broni

    broni Moderator Malware Analyst

    Looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
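    Once the ComboFix and OTL logs are posted, the analyst reads them for a handful of patterns: a service or driver whose file is gone ("File not found"), a loaded binary with no company name in its version resource (an empty "()"), an orphaned BHO ("(no file)"), resolvers on an interface that differ from the ISP's, and a browser search URL that points somewhere unexpected. The script below is an added example for this thread; it is not code from ComboFix, OTL or any of the posts. It runs over seven lines copied from the logs above; the ISP resolver allowlist and the set of expected search hosts are assumptions made for the example. A flag is a prompt to look, not a verdict: the three resolvers on the interface line are a question to ask about a machine that also carries two VPN clients, and the Yahoo keyword URL carries fr=mcafee and sits beside the McSiteAdvisor.xml search plugin listed in the same log.

```python
"""Triage helper for lines from ComboFix / OTL text logs.

Added example for this thread; it is not part of ComboFix, OTL or any post
above. It pulls out the things an analyst scans these logs for: entries
whose file is missing, loaded binaries with no embedded company name,
orphaned BHO entries, DNS resolvers outside an allowlist, and browser
search URLs that point at an unexpected host. The sample lines below are
copied from the logs in this thread; the allowlist and the set of expected
search hosts are assumptions made for the example.
"""
import re
from urllib.parse import urlparse

# OTL entry:  SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (name)
# PRC/MOD lines have no "[Start | State]" block and no trailing "(name)".
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\)(?: .*)?)?$"
)
# OTL entry whose image is gone: "DRV - File not found [...] -- -- (name)"
OTL_MISSING = re.compile(r"^(?:PRC|MOD|SRV|DRV) - File not found .*\((?P<name>[^)]*)\)\s*$")
# ComboFix resolver lines: "TCP: DhcpNameServer = a b" / "TCP: Interfaces\{guid}: NameServer = a,b,c"
NAMESERVER = re.compile(r"^TCP: .*NameServer = (?P<servers>[0-9., ]+)$")
# First URL on a line; ComboFix defangs the scheme as hxxp, OTL leaves http
URL_TOKEN = re.compile(r"h(?:xx|tt)ps?://\S+")

# Assumption: the two resolvers handed out by DHCP in the log are the ISP's.
ISP_RESOLVERS = {"68.87.68.166", "68.87.74.166"}
# Assumption: search traffic is expected to go to these hosts only.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}


def triage(lines, resolver_allowlist, expected_search_hosts):
    """Return (category, detail) findings for the lines that deserve a look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = OTL_MISSING.match(line)
        if m:                                   # service/driver registered, file gone
            findings.append(("missing_file", m.group("name")))
            continue
        m = OTL_ENTRY.match(line)
        if m:                                   # "()" means no company in the version resource
            if not m.group("company").strip():
                findings.append(("no_company", m.group("path")))
            continue
        if "(no file)" in line:                 # ComboFix orphan, e.g. a BHO CLSID with no DLL
            findings.append(("orphan", line.split(" - ")[0]))
            continue
        m = NAMESERVER.match(line)
        if m:                                   # browser redirects often start at the resolver
            for ip in re.split(r"[,\s]+", m.group("servers").strip()):
                if ip and ip not in resolver_allowlist:
                    findings.append(("resolver", ip))
            continue
        if "keyword.URL" in line or "SearchURL" in line:
            u = URL_TOKEN.search(line)          # address-bar search hijacks land here
            if u:
                host = urlparse(re.sub(r"^hxxp", "http", u.group(0))).hostname
                if host not in expected_search_hosts:
                    findings.append(("search_url", host))
    return findings


# Constructed sample: seven lines copied from the ComboFix and OTL logs in this thread.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{B8E8A66F-0318-43B8-BABB-0EDEF7E92346}: NameServer = 130.35.249.41,138.2.202.15,144.20.190.70
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
""".strip().splitlines()


def triage_sample():
    """Run the checks over the constructed sample with the assumed allowlists."""
    return triage(SAMPLE_LOG, ISP_RESOLVERS, EXPECTED_SEARCH_HOSTS)


if __name__ == "__main__":
    for category, detail in triage_sample():
        print(f"{category:13} {detail}")
```

    Feed it a whole log (`triage(open(path).readlines(), ...)`) and it returns one tuple per item worth a second look; everything that parses cleanly and passes the allowlists is silent. The "catchme" driver it flags from the sample is the one ComboFix itself registers during its run, which is exactly why a flag is a place to start reading rather than a conclusion.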
     
  16. 2011/08/08
    tennboy

    tennboy Inactive Thread Starter

    Otl.txt Part 1

    OTL logfile created on: 8/8/2011 22:56:17 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\John\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.39% Memory free
    7.18 Gb Paging File | 5.92 Gb Available in Paging File | 82.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.29 Gb Total Space | 58.47 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.61 Gb Free Space | 26.12% Space Free | Partition Type: NTFS

    Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/08 22:54:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    PRC - [2011/08/04 08:38:27 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/07/14 07:47:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    PRC - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/03/10 10:06:00 | 000,398,768 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
    PRC - [2010/03/10 10:05:48 | 000,239,024 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
    PRC - [2010/03/10 08:33:36 | 000,147,392 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Core\mchost.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2007/12/03 00:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/12/03 00:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/04/17 00:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/08 22:54:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/04 08:38:27 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/10 10:06:00 | 000,398,768 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe -- (Array_Utility_Service8.4.0.264)
    SRV - [2010/03/10 10:05:48 | 000,239,024 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe -- (ArraySSL_VPN_Service8.4.0.264)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/07/26 16:50:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/07/26 16:36:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/03 00:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/12/03 00:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/04 08:38:26 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/04 08:38:25 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/02/23 11:02:05 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/09/03 20:15:14 | 000,016,256 | ---- | M] (Array Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atpdrvr.sys -- (ATP)
    DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/06/09 08:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/03/04 01:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2008/03/04 01:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2008/01/25 01:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/12/03 00:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/07 05:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
    DRV - [2007/09/07 02:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/07 02:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/07 02:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: " "
    FF - prefs.js..browser.search.defaultenginename: "Secure Search "
    FF - prefs.js..browser.search.order.1: " "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p= "
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\John\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/24 15:21:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/17 19:56:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 08:17:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/07 18:15:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 18:15:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/07 18:15:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\John\AppData\Roaming\Move Networks [2010/01/04 10:30:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/24 15:21:38 | 000,000,000 | ---D | M]

    [2008/09/29 22:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
    [2011/08/08 11:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f8d92jq0.default\extensions
    [2010/07/30 11:00:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f8d92jq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/09/20 16:34:42 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f8d92jq0.default\extensions\support@ancestry.com
    [2010/07/23 08:20:02 | 000,002,556 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f8d92jq0.default\searchplugins\askcom.xml
    [2011/06/26 21:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/06/16 08:17:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/08/05 07:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/02/17 15:56:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/26 21:10:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F8D92JQ0.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
    [2011/07/14 07:47:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/07 13:55:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/12/23 00:24:44 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2011/08/08 22:33:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516083258.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [Octoshape Streaming Services] C:\Users\John\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
    O4 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/08 22:54:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2011/08/08 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
    [2011/08/08 22:33:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/08/08 22:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/08/08 22:06:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/08 22:06:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/08 22:06:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/08 22:05:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/08 22:04:46 | 004,167,805 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2011/08/08 12:44:41 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
    [2011/08/08 12:34:55 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2011/08/07 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/08/04 08:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/07/31 19:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/07/31 19:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/07/31 19:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/07/31 19:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/07/27 08:31:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Thunderbird
    [2011/07/27 08:31:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Thunderbird
    [2011/07/27 08:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2011/07/26 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Fall Festival 2011
    [2009/02/13 18:01:21 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/08/08 22:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/08 22:54:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2011/08/08 22:33:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/08/08 22:31:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/08 22:31:53 | 000,302,672 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/08/08 22:31:53 | 000,302,672 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/08/08 22:31:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/08 22:31:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/08 22:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/08 22:30:59 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/08 22:29:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/08/08 22:06:19 | 004,167,805 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2011/08/08 14:26:52 | 000,073,216 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/08 14:26:49 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
    [2011/08/08 12:44:42 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
    [2011/08/08 12:35:40 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2011/08/08 10:27:13 | 000,002,305 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/08/08 10:21:51 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\qdx6mid6.exe
    [2011/08/07 18:15:46 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/08/06 12:09:26 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011/08/06 12:09:26 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011/08/03 16:54:50 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/08/01 12:21:32 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/01 12:21:32 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/07/31 19:35:29 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/07/31 19:31:31 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/07/27 08:31:24 | 000,001,909 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2011/07/27 08:31:23 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2011/07/19 17:32:55 | 003,404,639 | ---- | M] () -- C:\Users\John\Documents\2011_UPDirectory(4).pdf
    [2011/07/19 15:54:56 | 001,381,376 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/07/19 15:53:52 | 002,652,160 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/07/13 18:40:33 | 000,267,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/07/13 01:52:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2011/08/08 22:06:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/08 22:06:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/08 22:06:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/08 22:06:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/08 22:06:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/08 14:26:49 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
    [2011/08/08 10:21:43 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\qdx6mid6.exe
    [2011/08/07 18:15:46 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/08/01 19:01:05 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/31 19:31:31 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/07/27 08:31:21 | 000,001,909 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2011/07/27 08:31:21 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2011/07/27 08:31:21 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2011/07/19 17:32:51 | 003,404,639 | ---- | C] () -- C:\Users\John\Documents\2011_UPDirectory(4).pdf
    [2011/04/26 12:08:19 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/26 12:08:19 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2010/11/02 08:12:49 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2010/10/03 14:35:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/03/10 10:05:44 | 000,140,720 | ---- | C] () -- C:\Windows\System32\arr_launch.exe
    [2010/02/24 15:20:59 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/01/06 14:58:44 | 000,077,375 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009/10/20 19:37:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/10/20 19:37:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/20 19:36:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/16 12:11:20 | 000,000,119 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2009/02/13 18:01:23 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
    [2009/02/13 18:01:21 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
    [2009/02/13 18:01:21 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
    [2009/02/13 18:01:21 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
    [2009/01/24 10:50:07 | 000,166,436 | ---- | C] () -- C:\Windows\hpoins31.dat
    [2008/12/04 12:00:47 | 000,000,691 | ---- | C] () -- C:\Users\John\AppData\Roaming\GetValue.vbs
    [2008/12/04 12:00:47 | 000,000,035 | ---- | C] () -- C:\Users\John\AppData\Roaming\SetValue.bat
    [2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2008/08/28 14:01:24 | 000,073,216 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/30 03:11:10 | 000,302,672 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/07/30 02:58:17 | 000,302,672 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/07/26 18:54:50 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/07/26 18:54:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/07/26 16:33:33 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/07/26 16:26:30 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/07/26 16:26:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/07/26 16:21:36 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/07/26 11:01:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2008/06/17 05:23:21 | 000,001,691 | ---- | C] () -- C:\Windows\hpomdl31.dat
    [2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,267,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/08/15 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.purple
    [2010/09/15 10:28:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Downloaded Installations
    [2010/11/26 13:09:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\InfraRecorder
    [2011/08/01 09:40:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nitro PDF
    [2010/11/25 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Octoshape
    [2011/03/16 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PrimoPDF
    [2008/11/02 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Skinux
    [2010/02/12 08:35:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thecleaner
    [2011/07/27 08:32:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
    [2010/06/17 13:47:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\tmp
    [2011/06/09 10:09:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\webex
    [2011/08/08 22:29:56 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/26 14:22:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7989DFA2-DFCC-4DE9-A41A-6CC12FCF8C13}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/08/08 10:37:19 | 000,047,114 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/08/08 22:46:09 | 000,018,689 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/07/26 18:55:00 | 000,005,219 | RH-- | M] () -- C:\dell.sdr
    [2011/08/08 22:30:59 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/15 12:17:41 | 000,016,580 | ---- | M] () -- C:\JavaRa.log
    [2010/05/27 07:16:48 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2008/07/26 16:26:27 | 000,026,927 | ---- | M] () -- C:\newfile.enc
    [2008/07/26 16:26:27 | 000,026,927 | ---- | M] () -- C:\newkey
    [2011/08/08 22:30:56 | 4069,675,008 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/14 13:09:21 | 000,000,416 | ---- | M] () -- C:\rkill.log
    [2009/07/28 12:45:05 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/22 12:15:38 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/06/06 21:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp692.dll
    [2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2008/05/30 16:29:56 | 000,084,480 | ---- | M] (Microsoft Corporation.) -- C:\Windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/07/18 14:34:32 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/26 19:35:33 | 000,000,574 | -HS- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
     
  17. 2011/08/08
    tennboy

    Otl.txt Part 2

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/08 12:35:40 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2011/08/08 22:06:19 | 004,167,805 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2008/12/09 09:22:02 | 000,141,312 | ---- | M] () -- C:\Users\John\Desktop\DNSCheck.exe
    [2010/08/09 14:51:12 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\John\Desktop\JavaRa.exe
    [2011/08/08 22:54:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2011/08/08 10:21:51 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\qdx6mid6.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/07/13 18:37:52 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/07/13 18:37:22 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/07/30 03:00:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/07/30 03:00:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/07/13 18:37:23 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/27 19:39:21 | 000,000,402 | -HS- | M] () -- C:\Users\John\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/02/24 15:22:35 | 000,002,343 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/08/08 22:31:53 | 000,302,672 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2009/07/15 22:49:34 | 000,000,000 | ---D | M](C:\Users\John\Favorites\??sorted Bookmarks) -- C:\Users\John\Favorites\췀Ƴsorted Bookmarks

    < End of report >
     
  18. 2011/08/08
    tennboy

    tennboy Inactive Thread Starter

    Joined:
    2008/12/05
    Messages:
    77
    Likes Received:
    0
    Extras.txt

    OTL Extras logfile created on: 8/8/2011 22:56:17 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\John\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.39% Memory free
    7.18 Gb Paging File | 5.92 Gb Available in Paging File | 82.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.29 Gb Total Space | 58.47 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.61 Gb Free Space | 26.12% Space Free | Partition Type: NTFS

    Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3553960332-1338208111-840184596-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3CBCDFD5-6CDD-4B73-B960-A35B61E3A6FF}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{5D817B7A-5B70-45DE-A0E2-C127389F73DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{6A81EE77-B85A-46A1-8D3A-9FDEC5E5B6DF}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{037D612D-73F3-4315-A94D-43993A7B468E}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\facebook\facebook.exe |
    "{041CAE1D-2C29-4BB4-948C-9A41235861B9}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{120C8C72-759A-484F-95B4-99178612245F}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivodesktop.exe |
    "{12E38341-3F63-41CA-8545-F88CA7C54468}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{1979E1E1-1CB9-4D0D-85B1-8AF28D3A79B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1FBAD3D6-3B3C-4B17-B504-A91269878D98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{220676D5-88FF-4013-9A08-58387E8EFA17}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{289AC528-1441-4E45-AAE6-7D6F62BA71D8}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{367B2E87-0567-4407-8E16-8BDDB8DE8F0D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{36825BAE-1189-4D3B-9AB3-C85C391E66AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{38EA69CF-3A9A-4648-A7D1-D3A99ED5FBF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3968AAA9-4660-4AB7-A89D-DFDF897D8DE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3EC87DE6-F1AB-4E12-A9FD-4E9A3529F6BD}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivodesktop.exe |
    "{3FD076AA-16C7-4DA9-994D-70CDDF843154}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\facebook\facebook.exe |
    "{40F87769-CF54-429C-9B01-EF7015438503}" = protocol=17 | dir=in | app=c:\program files\common files\tivo shared\transfer\tivotransfer.exe |
    "{4DA66EC3-671E-4340-AACC-EB70A5FD525E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{6206D4E3-89F4-4EF9-BBC4-44166FCE98E9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{63DC7878-6585-4797-8B54-78F8CB8BEB51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{70071954-B7E4-4395-9A37-64FA0C777D43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{71CA3E31-0F99-41D9-B657-398799D52A86}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{79A1D54F-4014-45D6-85D8-6C678A8CD6FF}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivoserver.exe |
    "{818CBBA2-B581-434F-ACE6-E15B6A831F55}" = protocol=6 | dir=in | app=c:\program files\common files\tivo shared\transfer\tivotransfer.exe |
    "{8F3068EF-6679-42D6-91FF-17E44BF3366C}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\curl.exe |
    "{9392F48D-5E50-4809-9DC9-B3B9A7A0C8E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{997B9E20-6CF4-4439-9F18-78E8E69F6B16}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivoserver.exe |
    "{9AA6A004-0E1B-4D1A-9805-1E1D1A40A989}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{9F1600E5-94A7-4523-9DF7-82A6E81A81ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{A0BA1BAB-3506-4AA7-8066-40726D1F8392}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{A65542EE-7DD5-4447-8555-EF3A0207DD6A}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{ADDAC74F-572E-4A9A-8FE2-1B1E10EC709E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{C5ACCFC7-F2CB-460E-BC06-C90F29BC3A8B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{C6315069-3760-4929-A454-7E81D2F4E64E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{C966C945-BA44-4057-B013-285CCCB38E91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{CD845AB7-CBC1-4EBF-9097-5C74E39D6CE3}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{E6178368-1F6B-4A93-A6E8-6BC06215C44B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{E84E3683-D0CB-40B7-B2C0-1CDF9D2B1EE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{EA65982F-D86C-402F-BD79-0EAB73BA68BD}" = dir=in | app=e:\setup\hpznui01.exe |
    "{F7F9A101-F361-4E20-BA52-4A880A118438}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FB674547-716D-4617-AD72-E56A0FF92D93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{FBF5CAFE-B1C0-438C-B5A9-98250A743974}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{FEA39098-2E77-4957-ACB5-DCF9324E4B1B}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\curl.exe |
    "{FF7C1192-6276-4E01-BB6E-44D441E14E03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{31BA2DC1-AEA1-4FE5-95BE-5D0325C33CB4}" = Nitro PDF Reader
    "{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
    "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.7
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}" = Microsoft Office Live Meeting 2007
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
    "{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Cisco Connect" = Cisco Connect
    "Cisco VPN Client 5.0.04.0300" = Cisco VPN Client 5.0.04.0300
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Digsby" = Digsby
    "Family Tree Maker 2009" = Family Tree Maker 2009
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "InfraRecorder" = InfraRecorder
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
    "MSC" = McAfee SecurityCenter
    "NVIDIA Drivers" = NVIDIA Drivers
    "nxclient_is1" = NX Client for Windows 3.4.0-7
    "PremElem40" = Adobe Premiere Elements 4.0
    "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "PrintKey2000" = PrintKey2000
    "QuickWordtoPDF" = QuickWordtoPDF
    "RealPlayer 12.0" = RealPlayer
    "Secunia PSI" = Secunia PSI
    "Shop for HP Supplies" = Shop for HP Supplies
    "Simpo PDF Merge & Split_is1" = Simpo PDF Merge & Split 2.0.0.5
    "The Cleaner_is1" = The Cleaner 2010
    "TiVo Desktop 2.7" = TiVo Desktop 2.7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3553960332-1338208111-840184596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Octoshape Streaming Services" = Octoshape Streaming Services

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/7/2011 10:01:15 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/8/2011 14:43:33 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/12/2011 04:22:49 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/12/2011 04:23:17 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/12/2011 04:23:17 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/12/2011 04:23:17 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 472: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/12/2011 04:23:17 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/12/2011 04:27:04 | Computer Name = John-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/13/2011 08:48:41 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/17/2011 19:53:24 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
    Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ Broadcom Wireless LAN Events ]
    Error - 8/26/2009 22:22:15 | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
    Description = 22:22:12, Wed, Aug 26, 09 Error - Unable to gain access to user store


    Error - 8/26/2009 22:26:22 | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
    Description = 22:26:22, Wed, Aug 26, 09 Error - Unable to gain access to user store


    Error - 2/6/2010 16:33:30 | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
    Description = 15:33:30, Sat, Feb 06, 10 Error - Unable to gain access to user store


    Error - 4/26/2010 10:19:01 | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
    Description = 10:18:58, Mon, Apr 26, 10 Error - Unable to gain access to user store


    [ OSession Events ]
    Error - 3/11/2009 03:05:56 | Computer Name = John-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 194486
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 3/11/2009 03:05:57 | Computer Name = John-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 194699
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 7/29/2009 03:06:40 | Computer Name = John-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 624024
    seconds with 1380 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/17/2008 15:03:10 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:25 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:25 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:27 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:28 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:29 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:30 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:31 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 17:06:32 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/17/2008 18:24:09 | Computer Name = John-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:22:08 PM on 8/17/2008 was unexpected.


    < End of report >
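An added example, not from this thread and not OTL's own code, showing how the Event Viewer section of an OTL Extras log like the one above can be parsed and summarised. It joins the wrapped Description lines, counts errors per section/source/ID, and pulls out every EventLog 6008 record, which Windows writes after a shutdown it did not initiate (the black-screen crashes described in the thread leave exactly that trace). The sample log embedded below is constructed in OTL's format from entries of the kind shown on this page.

```python
"""Summarise the Event Viewer section of an OTL Extras log (added example)."""
import re
from collections import Counter
from datetime import datetime

# One OTL event record header, e.g.
# Error - 8/17/2008 18:24:09 | Computer Name = John-PC | Source = EventLog | ID = 6008
HEADER_RE = re.compile(
    r"^Error - (?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<computer>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")   # e.g. "[ System Events ]"
END_MARKER = "< End of report >"


def parse_otl_events(text):
    """Return a list of event dicts; wrapped Description lines are joined into one string."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == END_MARKER:
            break
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "when": datetime.strptime(m.group("date") + " " + m.group("time"),
                                          "%m/%d/%Y %H:%M:%S"),
                "computer": m.group("computer"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        else:
            # OTL wraps long descriptions; continuation lines carry no prefix
            current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Count records per (section, source, id) so repeated sources stand out."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def unexpected_shutdowns(events):
    """EventLog 6008 = 'The previous system shutdown ... was unexpected.'"""
    return [e for e in events if e["source"] == "EventLog" and e["id"] == 6008]


# Constructed sample in OTL's format (not a log from the thread)
SAMPLE_LOG = """\
[ Application Events ]
Error - 1/17/2011 19:53:24 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/12/2011 04:27:04 | Computer Name = John-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/17/2008 17:06:25 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/17/2008 17:06:25 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/17/2008 18:24:09 | Computer Name = John-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:22:08 PM on 8/17/2008 was unexpected.

< End of report >
"""

if __name__ == "__main__":
    evts = parse_otl_events(SAMPLE_LOG)
    for (sec, src, eid), n in summarize(evts).most_common():
        print(f"{n:3d}  {sec} / {src} / {eid}")
    for e in unexpected_shutdowns(evts):
        print("unexpected shutdown:", e["when"], "-", e["description"])
```

Run it against the full Extras log (read the file instead of SAMPLE_LOG) and the 6008 timestamps give the exact moments of each crash, which can then be lined up with the errors logged just before them.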
     
  19. 2011/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
      O15 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-3553960332-1338208111-840184596-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
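The OTL fix above removes orphaned browser registrations (a Firefox plugin entry, a BHO with no CLSID, an IE Extensions entry whose file is gone, an ActiveX DPF entry) and two Internet Settings ZoneMap additions. The following is an added example, not code from the thread or from OTL, that audits the same registry locations read-only and lists what such a fix would act on, so the entries can be reviewed before anything is deleted. It assumes Windows PowerShell 3.0 or later and an elevated prompt for the HKLM reads; the function names are mine, the registry paths and the Exec/Script/ClsidExtension value names are the ones Internet Explorer and Firefox actually use.

```powershell
# Added example (not from the thread, not OTL code): read-only audit of the
# registry locations the OTL :OTL lines above target. Nothing here deletes.

function Test-RegisteredFile {
    # True when $Path names an existing file; tolerates quotes, %VARS% and a
    # trailing resource index such as ",1" or ",-101".
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $clean = [Environment]::ExpandEnvironmentVariables($Path.Trim().Trim('"'))
    $clean = $clean -replace ',-?\d+$', ''
    return (Test-Path -LiteralPath $clean -PathType Leaf)
}

function Resolve-ClsidServer {
    # InprocServer32 path registered for a CLSID, or $null when the CLSID key is absent
    # (OTL reports that case as "No CLSID value found").
    param([string]$Clsid)
    foreach ($hive in 'HKLM:\Software\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
        $key = "$hive\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) { return (Get-ItemProperty -LiteralPath $key).'(default)' }
    }
    return $null
}

function Get-OrphanedBrowserRegistrations {
    $findings = New-Object System.Collections.Generic.List[object]

    # O2-style: Browser Helper Objects whose CLSID does not resolve to an existing DLL
    $bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoRoot) {
        foreach ($k in Get-ChildItem -LiteralPath $bhoRoot) {
            $dll = Resolve-ClsidServer $k.PSChildName
            if (-not (Test-RegisteredFile $dll)) {
                $findings.Add([pscustomobject]@{ Kind = 'BHO'; Name = $k.PSChildName; Target = $dll })
            }
        }
    }

    # FF-style: MozillaPlugins entries whose Path value points at a missing file
    $ffRoot = 'HKLM:\Software\MozillaPlugins'
    if (Test-Path $ffRoot) {
        foreach ($k in Get-ChildItem -LiteralPath $ffRoot) {
            $p = (Get-ItemProperty -LiteralPath $k.PSPath).Path
            if (-not (Test-RegisteredFile $p)) {
                $findings.Add([pscustomobject]@{ Kind = 'MozillaPlugin'; Name = $k.PSChildName; Target = $p })
            }
        }
    }

    # O9-style: IE Extensions (Tools menu items / buttons) whose Exec, Script or
    # CLSID target is gone; entries with none of the three are listed for review.
    $extRoot = 'HKLM:\Software\Microsoft\Internet Explorer\Extensions'
    if (Test-Path $extRoot) {
        foreach ($k in Get-ChildItem -LiteralPath $extRoot) {
            $v = Get-ItemProperty -LiteralPath $k.PSPath
            $target = if ($v.Exec) { $v.Exec }
                      elseif ($v.Script) { $v.Script }
                      elseif ($v.ClsidExtension) { Resolve-ClsidServer $v.ClsidExtension }
                      else { $null }
            if (-not (Test-RegisteredFile $target)) {
                $findings.Add([pscustomobject]@{ Kind = 'IEExtension'; Name = $k.PSChildName; Target = $target })
            }
        }
    }
    return $findings
}

function Get-TrustedZoneEntries {
    # O15-style: every domain or IP range the current user has in the Local intranet (1)
    # or Trusted sites (2) zone. Value name = protocol ("http", "https", "*"), data = zone.
    $zoneName = @{ 1 = 'Local intranet'; 2 = 'Trusted sites' }
    $out = New-Object System.Collections.Generic.List[object]
    $map = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    foreach ($bucket in 'Domains', 'Ranges') {
        $root = "$map\$bucket"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($k in Get-ChildItem -LiteralPath $root -Recurse) {
            $range = $k.GetValue(':Range')      # only present under Ranges\<n>
            foreach ($name in $k.GetValueNames()) {
                if ($name -eq ':Range') { continue }
                $zone = [int]$k.GetValue($name)
                if ($zone -eq 1 -or $zone -eq 2) {
                    $entry = $k.PSPath -replace '^.*\\ZoneMap\\', ''
                    if ($range) { $entry = "$entry ($range)" }
                    $proto = if ($name) { $name } else { '(default)' }
                    $out.Add([pscustomobject]@{ Entry = $entry; Protocol = $proto; Zone = $zoneName[$zone] })
                }
            }
        }
    }
    return $out
}

Get-OrphanedBrowserRegistrations | Format-Table -AutoSize
Get-TrustedZoneEntries | Format-Table -AutoSize
```

A plugin or BHO whose DLL is simply missing is harmless clutter, which is why OTL's fix just deletes the keys; the entries worth a second look are ZoneMap additions you do not recognise and BHOs whose DLL does exist but is unsigned or sits in a temp or profile directory, since a BHO loads into every Internet Explorer process and is a common place for a redirecting component to live.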
     
  20. 2011/08/08
    tennboy

    tennboy Inactive Thread Starter

    Joined:
    2008/12/05
    Messages:
    77
    Likes Received:
    0
    OTL TEXT output from Run Fix

    Hi Broni,

    The computer seems to be running well, but I haven't tried any of the full scan kinds of things that used to blow it up.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3553960332-1338208111-840184596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3553960332-1338208111-840184596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John
    ->Temp folder emptied: 115514885 bytes
    ->Temporary Internet Files folder emptied: 33408831 bytes
    ->Java cache emptied: 2636972 bytes
    ->FireFox cache emptied: 72608697 bytes
    ->Google Chrome cache emptied: 118394743 bytes
    ->Apple Safari cache emptied: 20893696 bytes
    ->Flash cache emptied: 99091 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6003 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 347.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: John
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08082011_235340

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  21. 2011/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Test it whenever you can.
     
