
Solved Windows Explorer not working, random shutdowns

Discussion in 'Malware and Virus Removal Archive' started by mmc5311, 2011/12/31.

  1. 2011/12/31
    mmc5311 (Inactive, Thread Starter)

    [Resolved] Windows Explorer not working, random shutdowns

    My laptop started acting up last night; I repeatedly got error messages saying Windows Explorer was not working. After the messages started, I experienced unusual slowness. It shut down a couple of times on its own.
    And the default Vista theme that I have for my start menu/task bar/windows kind of disappeared and was replaced by an older version (1998 old). I could not get MBAM in particular to open. Other programs opened and quickly stopped responding but the computer froze up every time I tried to open MBAM.

    When I started my computer back up this afternoon the problems persisted but after a couple of restarts (that had to be forced because of freezing), everything was suddenly back to normal. I suppose that all COULD be chalked up to something not related to a virus, but upon running MBAM (for the purpose of this post), several objects were detected and I just need to be sure. Truth be told, I haven't followed the guidelines (which I received the first time WindowsBBS helped clean my computer) to the letter, and I also have not been the only one using the computer so...I wouldn't be surprised.

    * I have a full subscription to McAfee which I ran (no threats detected), otherwise no action has been taken to attempt to fix the problem and no new programs have been installed.


    MBAM

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.31.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Megan :: HOME-PC [administrator]

    12/31/2011 3:34:35 PM
    mbam-log-2011-12-31 (15-34-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 183344
    Time elapsed: 19 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\Users\Megan\AppData\Local\Temp\jyhgje.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Megan\AppData\Local\Temp\notepad.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Users\Megan\AppData\Local\Temp\wera0.756376518690895.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
    C:\Users\Megan\AppData\Local\Temp\wera0.6223395988727608.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
    C:\Users\Megan\AppData\Local\Temp\oiu0.03782246581769144.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
    C:\Users\Megan\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Megan\AppData\Local\Temp\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)


    (continued...)
     
    Last edited: 2011/12/31
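    As an added triage example (not part of the original post and not Malwarebytes' own tooling), the following Python parses the "Files Detected" lines of the MBAM log quoted above and separates the two signals a responder would look at first: everything sits in a user's Temp folder, and three of the files borrow the names of Windows system binaries (notepad.exe, explorer.exe, iexplore.exe) while living nowhere near where those binaries belong. The SYSTEM_BINARIES table of expected home directories is an assumption made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the "Files Detected" block from the MBAM quick-scan log
# quoted in the post above, plus the trailing "(end)" marker MBAM writes.
SAMPLE_LOG = r"""
Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Megan\AppData\Local\Temp\jyhgje.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Megan\AppData\Local\Temp\notepad.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Users\Megan\AppData\Local\Temp\wera0.756376518690895.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\Users\Megan\AppData\Local\Temp\wera0.6223395988727608.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\Users\Megan\AppData\Local\Temp\oiu0.03782246581769144.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\Users\Megan\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Megan\AppData\Local\Temp\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
"""

# One MBAM detection line: "<path> (<family>) -> <action>."
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+?)\.?$"
)

# Assumed table for illustration: Windows binaries whose names get borrowed by
# malware, mapped to the directory prefixes where the genuine binary lives.
SYSTEM_BINARIES = {
    "explorer.exe": ("c:\\windows\\",),
    "notepad.exe": ("c:\\windows\\",),
    "iexplore.exe": ("c:\\program files\\internet explorer\\",
                     "c:\\program files (x86)\\internet explorer\\"),
}

# Per-user temp folder on Vista and later, lower-cased for substring tests.
TEMP_MARKER = "\\appdata\\local\\temp\\"


@dataclass(frozen=True)
class Detection:
    path: str
    family: str
    action: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def directory(self) -> str:
        # Lower-cased parent directory with a trailing backslash for prefix tests.
        return self.path.rsplit("\\", 1)[0].lower() + "\\"


def parse_mbam_files(text: str) -> list[Detection]:
    """Return the detections listed under "Files Detected:" in an MBAM log."""
    detections: list[Detection] = []
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files Detected:"):
            in_files = True
            continue
        if not in_files:
            continue
        if line == "(end)":
            break
        match = LINE_RE.match(line)
        if match:
            detections.append(Detection(**match.groupdict()))
    return detections


def masquerading(detections):
    """Detections named like a system binary but found outside its home directory."""
    flagged = []
    for d in detections:
        homes = SYSTEM_BINARIES.get(d.name)
        if homes and not any(d.directory.startswith(h) for h in homes):
            flagged.append(d)
    return flagged


def in_user_temp(detections):
    """Detections that live under a user's AppData\\Local\\Temp folder."""
    return [d for d in detections if TEMP_MARKER in d.directory]


def family_counts(detections) -> Counter:
    """How many detections MBAM attributed to each family label."""
    return Counter(d.family for d in detections)


def triage(text: str) -> dict:
    """Summarise one MBAM log: totals, families, and the two risk signals."""
    found = parse_mbam_files(text)
    return {
        "total": len(found),
        "families": dict(family_counts(found)),
        "in_temp": [d.name for d in in_user_temp(found)],
        "masquerading": [d.name for d in masquerading(found)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```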
  2. 2011/12/31
    mmc5311 (Inactive, Thread Starter)

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-31 17:20:45
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FB2O
    Running: 5tblclcn.exe; Driver: C:\Users\Megan\AppData\Local\Temp\pxldipow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82970498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x829704C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x829704AE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82970484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 82266982 5 Bytes JMP 82970488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 8242C143 5 Bytes JMP 829704C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8244B89A 7 Bytes JMP 8297049C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8244BB5D 5 Bytes JMP 829704B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? System32\drivers\jdtaxxqs.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 003F0F59
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 003F00CE
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 003F0F37
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 003F0F8F
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 003F0022
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 003F0033
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 003F007A
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 003F0FA0
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 003F005F
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 003F0FBD
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 003F0044
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 003F0F74
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 003F00F3
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 003F0011
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 003F0000
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!WinExec 766360CF 5 Bytes JMP 003F00B3
    .text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 00420047
    .text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!system 766D804B 5 Bytes JMP 00420FBC
    .text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 00420018
    .text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_open 766DD106 5 Bytes JMP 00420FEF
    .text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 00420FCD
    .text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 00420FDE
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00010087
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00010051
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 0001006C
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00010FCA
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 00010040
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 00010025
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00010FE5
    .text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 0043000A
    .text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 0043001B
    .text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 00430FEF
    .text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 00430036
    .text C:\Windows\system32\svchost.exe[1396] WS2_32.dll!socket 760136D1 5 Bytes JMP 00410FEF
    .text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 0117000A
    .text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 01170FE5
    .text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 0117001B

    (cont'd...)
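Reading the listing: each `.text` line is one user-mode inline hook that GMER found, giving the process image and PID, the export that was patched (`kernel32.dll!CreateProcessW`), that export's address, how many bytes were overwritten, and where the patched-in `JMP` lands. A 5-byte patch is an `E9 rel32` jump; the extra `1 Byte [E9]` entry for `InternetOpenW` in PID 2496 is GMER reporting the same patched location a second time, showing only the first byte. Two things stand out when the log is read as a whole: every listed process has the same set of exports hooked (process creation, library loading, file, pipe, registry, WinINet and socket calls, plus `VirtualProtect`/`NtProtectVirtualMemory`), and within one process all hooks on a given DLL jump into the same 64 KiB region. That is what an injected hook DLL produces whether it belongs to a HIPS/antivirus product or to malware, and GMER's listing by itself does not say which, so the owner of those target regions has to be resolved separately (Process Explorer's DLL view, or `!address` in a debugger attached to one of the PIDs). The script below is an added example, not part of the original post and not GMER's own tooling; it parses a handful of lines copied from the log above, groups the hooks per process, computes those target regions, and checks that each export sits at the same address in every process (on Vista x86, ASLR rebases a system DLL once per boot, so a mismatch would mean a process loaded a different copy of that DLL). Everything beyond the copied lines, including the function names, is the example's own assumption.

```python
"""Summarize GMER user-mode inline-hook lines.

Added example, not part of the original post and not GMER's own code. The
eight sample lines are copied from the log in this thread; everything else
(function names, grouping rules) is assumed for illustration.
"""
import re
from collections import defaultdict

# One GMER hook line looks like:
#   .text <image>[<pid>] <dll>!<export> <export addr> <n> Bytes JMP <target>
# or, for a partially reported patch:
#   .text <image>[<pid>] <dll>!<export> <export addr> 1 Byte [E9]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<nbytes>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<raw>[0-9A-Fa-f ]+)\])"
)

SAMPLE_LINES = [  # copied from the GMER log posted in this thread
    r".text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 01210ED5",
    r".text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 01210FAF",
    r".text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 766D804B 5 Bytes JMP 01350FB0",
    r".text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 01340FA8",
    r".text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 037600DB",
    r".text C:\Windows\Explorer.EXE[1620] WS2_32.dll!socket 760136D1 5 Bytes JMP 03170000",
    r".text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenW 7675DB21 1 Byte [E9]",
    r".text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 002B0025",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def parse_hooks(log_text):
    """Return one dict per hook line; lines that are not hook entries are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "image": d["image"],
            "pid": int(d["pid"]),
            "module": d["module"].lower(),   # GMER mixes ADVAPI32.dll / kernel32.dll casing
            "func": d["func"],
            "addr": int(d["addr"], 16),
            "nbytes": int(d["nbytes"]),
            # A 5-byte JMP (E9 rel32) line carries the absolute target; the
            # "1 Byte [E9]" form only reports the opcode, so target stays None.
            "target": int(d["target"], 16) if d["target"] else None,
        })
    return hooks


def summarize(hooks):
    """Per (image, pid): hook count, hooked DLLs, and the 64 KiB regions the JMPs land in."""
    out = {}
    for h in hooks:
        key = (h["image"], h["pid"])
        s = out.setdefault(key, {"count": 0, "modules": set(), "regions": defaultdict(set)})
        s["count"] += 1
        s["modules"].add(h["module"])
        if h["target"] is not None:
            s["regions"][h["module"]].add(h["target"] & ~0xFFFF)
    return out


def inconsistent_export_addresses(hooks):
    """Exports reported at different addresses in different processes.

    Vista x86 ASLR rebases a system DLL once per boot, not per process, so the
    same export should be at the same address everywhere; a mismatch means some
    process is running a different copy of that DLL and deserves a closer look.
    """
    seen = defaultdict(set)
    for h in hooks:
        seen[(h["module"], h["func"])].add(h["addr"])
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for (image, pid), s in sorted(summarize(hooks).items(), key=lambda kv: kv[0][1]):
        regions = {m: sorted(f"{r:08X}" for r in rs) for m, rs in s["regions"].items()}
        print(f"{image}[{pid}]: {s['count']} hooks in {sorted(s['modules'])} -> {regions}")
    print("export address mismatches:", inconsistent_export_addresses(hooks))
```

Feed the whole log to `parse_hooks` (the regex ignores GMER's other line types) and compare the region list per process; a process whose hooks jump somewhere the others do not is the one to pull a module list from first, since the hooking module is what the listing never names.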
     

  4. 2011/12/31 mmc5311, Thread Starter
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 0100007B
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 01000F35
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 010000A7
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 01000F1A
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 0100004F
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 01000FB9
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 0100000A
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 01000060
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 01000F6B
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 01000F8D
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 01000F7C
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 01000F9E
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 01000F5A
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 01000EF5
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 01000FD4
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 01000FEF
    .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!WinExec 766360CF 5 Bytes JMP 01000096
    .text C:\Windows\system32\svchost.exe[1492] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 01190FA1
    .text C:\Windows\system32\svchost.exe[1492] msvcrt.dll!system 766D804B 5 Bytes JMP 01190FB2
    .text C:\Windows\system32\svchost.exe[1492] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 01190FD7
    .text C:\Windows\system32\svchost.exe[1492] msvcrt.dll!_open 766DD106 5 Bytes JMP 01190000
    .text C:\Windows\system32\svchost.exe[1492] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 0119002C
    .text C:\Windows\system32\svchost.exe[1492] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 01190011
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00DF0051
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00DF0036
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00DF0000
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 00DF0FAF
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00DF0F8A
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 00DF0FCA
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 00DF0FE5
    .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00DF001B
    .text C:\Windows\system32\svchost.exe[1492] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 01320FEF
    .text C:\Windows\system32\svchost.exe[1492] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 01320000
    .text C:\Windows\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 01320FCA
    .text C:\Windows\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 01320FA5
    .text C:\Windows\system32\svchost.exe[1492] WS2_32.dll!socket 760136D1 5 Bytes JMP 01180000
    .text C:\Windows\Explorer.EXE[1620] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 03790FE5
    .text C:\Windows\Explorer.EXE[1620] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 03790014
    .text C:\Windows\Explorer.EXE[1620] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 03790FD4
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 03760094
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 03760F44
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 037600DB
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 037600CA
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 03760F70
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 0376001B
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 03760040
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 03760F5F
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 03760F97
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 03760FC3
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 03760FA8
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 03760FD4
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 03760065
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 03760F29
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 03760FE5
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 03760000
    .text C:\Windows\Explorer.EXE[1620] kernel32.dll!WinExec 766360CF 5 Bytes JMP 037600A5
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 03750062
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 03750040
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 03750000
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 03750051
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 0375007D
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 0375002F
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 03750FEF
    .text C:\Windows\Explorer.EXE[1620] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 03750FDE
    .text C:\Windows\Explorer.EXE[1620] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 03770FB2
    .text C:\Windows\Explorer.EXE[1620] msvcrt.dll!system 766D804B 5 Bytes JMP 0377003D
    .text C:\Windows\Explorer.EXE[1620] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 03770018
    .text C:\Windows\Explorer.EXE[1620] msvcrt.dll!_open 766DD106 5 Bytes JMP 03770FEF
    .text C:\Windows\Explorer.EXE[1620] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 03770FC3
    .text C:\Windows\Explorer.EXE[1620] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 03770FDE
    .text C:\Windows\Explorer.EXE[1620] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 03780000
    .text C:\Windows\Explorer.EXE[1620] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 03780FE5
    .text C:\Windows\Explorer.EXE[1620] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 03780FD4
    .text C:\Windows\Explorer.EXE[1620] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 03780025
    .text C:\Windows\Explorer.EXE[1620] WS2_32.dll!socket 760136D1 5 Bytes JMP 03170000
    .text C:\Windows\system32\svchost.exe[1624] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 01B80FEF
    .text C:\Windows\system32\svchost.exe[1624] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 01B80014
    .text C:\Windows\system32\svchost.exe[1624] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 01B80FDE
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 01140051
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 01140040
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 01140ED5
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 01140EF0
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 01140F4B
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 0114001B
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 01140FC0
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 01140F15
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 01140F68
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 01140F94
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 01140F79
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 01140FA5
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 01140F30
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 01140EBA
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 01140000
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 01140FE5
    .text C:\Windows\system32\svchost.exe[1624] kernel32.dll!WinExec 766360CF 5 Bytes JMP 01140062
    .text C:\Windows\system32\svchost.exe[1624] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 01BE0042
    .text C:\Windows\system32\svchost.exe[1624] msvcrt.dll!system 766D804B 5 Bytes JMP 01BE0FB7
    .text C:\Windows\system32\svchost.exe[1624] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 01BE0016
    .text C:\Windows\system32\svchost.exe[1624] msvcrt.dll!_open 766DD106 5 Bytes JMP 01BE0FE3
    .text C:\Windows\system32\svchost.exe[1624] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 01BE0027
    .text C:\Windows\system32\svchost.exe[1624] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 01BE0FD2
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 010B002F
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 010B0F9E
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 010B0FEF
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 010B0F8D
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 010B0F68
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 010B0014
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 010B0FD4
    .text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 010B0FC3
    .text C:\Windows\system32\svchost.exe[1624] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 01170000
    .text C:\Windows\system32\svchost.exe[1624] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 01170FE5
    .text C:\Windows\system32\svchost.exe[1624] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 01170FCA
    .text C:\Windows\system32\svchost.exe[1624] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 01170FB9
    .text C:\Windows\system32\svchost.exe[1624] WS2_32.dll!socket 760136D1 5 Bytes JMP 01BD000A
    .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 00FB0FEF
    .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 00FB0025
    .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 00FB000A
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 00ED00BC
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 00ED00AB
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 00ED0F40
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 00ED00D7
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 00ED0F9B
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 00ED0036
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 00ED0047
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00ED0F76
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00ED0FAC
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00ED0058
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 00ED0069
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 00ED0FD1
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 00ED0090
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 00ED0F25
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 00ED001B
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00ED0000
    .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!WinExec 766360CF 5 Bytes JMP 00ED0F5B
    .text C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 01740029
    .text C:\Windows\system32\svchost.exe[1944] msvcrt.dll!system 766D804B 5 Bytes JMP 01740FA8
    .text C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 01740FD4
    .text C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_open 766DD106 5 Bytes JMP 01740FEF
    .text C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 01740FB9
    .text C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 01740018
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00AF0040
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00AF0FAF
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00AF0000
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 00AF0F9E
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00AF0F83
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 00AF0011
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 00AF0FE5
    .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00AF0FC0
    .text C:\Windows\system32\svchost.exe[1944] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 00F20FEF
    .text C:\Windows\system32\svchost.exe[1944] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 00F20FDE
    .text C:\Windows\system32\svchost.exe[1944] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 00F20014
    .text C:\Windows\system32\svchost.exe[1944] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 00F20FC3
    .text C:\Windows\system32\svchost.exe[1944] WS2_32.dll!socket 760136D1 5 Bytes JMP 00480FEF
    .text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 00870FEF
    .text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 00870FB9
    .text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 00870FCA
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 00840ED8
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 00840EE9
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 00840065
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 00840054
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 00840014
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 00840FB9
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 00840FA8
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00840EFA
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00840F46
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00840F68
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 00840F57
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 00840F83
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 00840F1F
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 00840EBD
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 00840FCA
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00840FE5
    .text C:\Windows\System32\svchost.exe[2300] kernel32.dll!WinExec 766360CF 5 Bytes JMP 00840043
    .text C:\Windows\System32\svchost.exe[2300] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 00850FAD
    .text C:\Windows\System32\svchost.exe[2300] msvcrt.dll!system 766D804B 5 Bytes JMP 00850038
    .text C:\Windows\System32\svchost.exe[2300] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 00850FD2
    .text C:\Windows\System32\svchost.exe[2300] msvcrt.dll!_open 766DD106 5 Bytes JMP 00850000
    .text C:\Windows\System32\svchost.exe[2300] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 00850027
    .text C:\Windows\System32\svchost.exe[2300] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 00850FE3
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00830069
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00830047
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00830FEF
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 00830058
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00830084
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 0083001B
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 0083000A
    .text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 0083002C
    .text C:\Windows\System32\svchost.exe[2300] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 00860FEF
    .text C:\Windows\System32\svchost.exe[2300] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 00860FD4
    .text C:\Windows\System32\svchost.exe[2300] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 0086000A
    .text C:\Windows\System32\svchost.exe[2300] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 0086001B
    .text C:\Windows\System32\svchost.exe[2300] WS2_32.dll!socket 760136D1 5 Bytes JMP 00820000
    .text C:\Windows\System32\svchost.exe[2496] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 002C0000
    .text C:\Windows\System32\svchost.exe[2496] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 002C0FD4
    .text C:\Windows\System32\svchost.exe[2496] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 002C0FE5
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 00290F80
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 002900C6
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 00290103
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 002900F2
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 0029009A
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 00290022
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 0029003D
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00290FA5
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00290FC0
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00290069
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 00290FD1
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 0029004E
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 002900AB
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 00290114
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 00290011
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00290000
    .text C:\Windows\System32\svchost.exe[2496] kernel32.dll!WinExec 766360CF 5 Bytes JMP 002900E1
    .text C:\Windows\System32\svchost.exe[2496] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 002A002C
    .text C:\Windows\System32\svchost.exe[2496] msvcrt.dll!system 766D804B 5 Bytes JMP 002A001B
    .text C:\Windows\System32\svchost.exe[2496] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 002A0FAB
    .text C:\Windows\System32\svchost.exe[2496] msvcrt.dll!_open 766DD106 5 Bytes JMP 002A0FEF
    .text C:\Windows\System32\svchost.exe[2496] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 002A0000
    .text C:\Windows\System32\svchost.exe[2496] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 002A0FD2
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00280047
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00280025
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00280FE5
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 00280036
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00280F94
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 00280FCA
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 00280000
    .text C:\Windows\System32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00280FB9
    .text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 002B0000
    .text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenW 7675DB21 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 002B0025
    .text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 002B0FEF
    .text C:\Windows\System32\svchost.exe[2496] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 002B0036
    .text C:\Windows\System32\svchost.exe[2496] WS2_32.dll!socket 760136D1 5 Bytes JMP 00270FEF
    .text C:\Windows\system32\svchost.exe[2508] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 008D0FEF
    .text C:\Windows\system32\svchost.exe[2508] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 008D0FB9
    .text C:\Windows\system32\svchost.exe[2508] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 008D0FD4
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 008A00AE
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 008A009D
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 008A00E4
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 008A00C9
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 008A0071
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 008A0FCD
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 008A0FBC
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 008A008C
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 008A0054
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 008A0032
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 008A0043
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 008A0FAB
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 008A0F7C
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 008A00F5
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 008A0FDE
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 008A0FEF
    .text C:\Windows\system32\svchost.exe[2508] kernel32.dll!WinExec 766360CF 5 Bytes JMP 008A0F4D
    .text C:\Windows\system32\svchost.exe[2508] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 008B0FA1
    .text C:\Windows\system32\svchost.exe[2508] msvcrt.dll!system 766D804B 5 Bytes JMP 008B002C
    .text C:\Windows\system32\svchost.exe[2508] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 008B0FC6
    .text C:\Windows\system32\svchost.exe[2508] msvcrt.dll!_open 766DD106 5 Bytes JMP 008B0FE3
    .text C:\Windows\system32\svchost.exe[2508] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 008B001B
    .text C:\Windows\system32\svchost.exe[2508] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 008B0000
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 0048004E
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 0048002C
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00480FE5
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 0048003D
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00480F87
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 0048001B
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 0048000A
    .text C:\Windows\system32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00480FCA
    .text C:\Windows\system32\svchost.exe[2508] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 008C0000
    .text C:\Windows\system32\svchost.exe[2508] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 008C0FE5
    .text C:\Windows\system32\svchost.exe[2508] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 008C0FCA
    .text C:\Windows\system32\svchost.exe[2508] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 008C0011
    .text C:\Windows\system32\svchost.exe[2508] WS2_32.dll!socket 760136D1 5 Bytes JMP 00470FE5
    .text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 0048000A
    .text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 00480FD4
    .text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 00480FE5
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 00290F3A
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 00290F5F
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 002900B6
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 00290F29
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 00290F70
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 0029001B
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 00290FCA
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00290080
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00290F8D
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00290F9E
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 0029004A
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 00290FB9
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 0029006F
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 00290F04
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 00290000
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00290FEF
    .text C:\Windows\system32\svchost.exe[2580] kernel32.dll!WinExec 766360CF 5 Bytes JMP 0029009B
    .text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 002A005F
    .text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!system 766D804B 5 Bytes JMP 002A004E
    .text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 002A0029
    .text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_open 766DD106 5 Bytes JMP 002A000C
    .text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 002A0FD4
    .text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 002A0FEF
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00280F9E
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00280FCA
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00280FEF
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 00280FB9
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 0028005B
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 00280025
    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 0028000A
     
  5. 2011/12/31
    mmc5311

    .text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00280036
    .text C:\Windows\system32\svchost.exe[2580] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 00430000
    .text C:\Windows\system32\svchost.exe[2580] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 00430011
    .text C:\Windows\system32\svchost.exe[2580] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 00430FE5
    .text C:\Windows\system32\svchost.exe[2580] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 00430FCA
    .text C:\Windows\system32\svchost.exe[2580] WS2_32.dll!socket 760136D1 5 Bytes JMP 00270FEF
    .text C:\Windows\System32\svchost.exe[2620] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 003B0FEF
    .text C:\Windows\System32\svchost.exe[2620] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 003B0000
    .text C:\Windows\System32\svchost.exe[2620] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 003B0FD4
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 00370F1F
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 00370F30
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 003700C0
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 003700A5
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 00370F77
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 00370025
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 00370036
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00370F4B
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00370F94
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00370FB9
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 00370051
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 00370FCA
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 00370F5C
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 003700D1
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 0037000A
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00370FEF
    .text C:\Windows\System32\svchost.exe[2620] kernel32.dll!WinExec 766360CF 5 Bytes JMP 0037008A
    .text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 00380FB5
    .text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!system 766D804B 5 Bytes JMP 00380036
    .text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 00380000
    .text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_open 766DD106 5 Bytes JMP 00380FEF
    .text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 00380025
    .text C:\Windows\System32\svchost.exe[2620] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 00380FD2
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 00360F8D
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 00360FA8
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 00360FEF
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 0036002F
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 00360040
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 00360FCA
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 00360000
    .text C:\Windows\System32\svchost.exe[2620] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 00360FB9
    .text C:\Windows\System32\svchost.exe[2620] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 00390FEF
    .text C:\Windows\System32\svchost.exe[2620] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 00390FDE
    .text C:\Windows\System32\svchost.exe[2620] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 00390014
    .text C:\Windows\System32\svchost.exe[2620] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 0039002F
    .text C:\Windows\System32\svchost.exe[2620] WS2_32.dll!socket 760136D1 5 Bytes JMP 00410FEF
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3072] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 6DA89A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3072] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 6DA899A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\system32\svchost.exe[3572] kernel32.dll!WriteFile 765EABE1 5 Bytes JMP 0026000C
    .text C:\Windows\system32\svchost.exe[3572] USER32.dll!WindowFromPoint 76A1884F 5 Bytes JMP 00FC000A
    .text C:\Windows\system32\svchost.exe[3572] USER32.dll!GetForegroundWindow 76A232C4 5 Bytes JMP 00FD000A
    .text C:\Windows\system32\svchost.exe[3572] USER32.dll!GetCursorPos 76A30B88 5 Bytes JMP 00FB000A
    .text C:\Windows\system32\svchost.exe[3572] ole32.dll!CoCreateInstance 76B59F3E 5 Bytes JMP 009A000A
    .text C:\Windows\system32\svchost.exe[3632] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 00040000
    .text C:\Windows\system32\svchost.exe[3632] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 00040FE5
    .text C:\Windows\system32\svchost.exe[3632] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 00040025
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 00060F61
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 00060F7C
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 00060F24
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 00060F3F
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 00060FA8
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 00060FE5
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 00060FCA
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00060F8D
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00060082
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00060051
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 00060FB9
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 00060040
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 0006009D
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 000600D6
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 0006001B
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00060000
    .text C:\Windows\system32\svchost.exe[3632] kernel32.dll!WinExec 766360CF 5 Bytes JMP 00060F50
    .text C:\Windows\system32\svchost.exe[3632] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 000C002A
    .text C:\Windows\system32\svchost.exe[3632] msvcrt.dll!system 766D804B 5 Bytes JMP 000C0F9F
    .text C:\Windows\system32\svchost.exe[3632] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 000C0FC1
    .text C:\Windows\system32\svchost.exe[3632] msvcrt.dll!_open 766DD106 5 Bytes JMP 000C0FEF
    .text C:\Windows\system32\svchost.exe[3632] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 000C0FB0
    .text C:\Windows\system32\svchost.exe[3632] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 000C0FD2
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 000D0F68
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 000D0F9E
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 000D0FEF
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 000D0F83
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 000D0F57
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 000D0FB9
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 000D0FDE
    .text C:\Windows\system32\svchost.exe[3632] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 000D000A
    .text C:\Windows\system32\svchost.exe[3632] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 000E0FEF
    .text C:\Windows\system32\svchost.exe[3632] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 000E0FCA
    .text C:\Windows\system32\svchost.exe[3632] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 000E0FB9
    .text C:\Windows\system32\svchost.exe[3632] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 000E0F9E
    .text C:\Windows\system32\svchost.exe[3632] WS2_32.dll!socket 760136D1 5 Bytes JMP 0001000A
    .text C:\Windows\system32\wuauclt.exe[4852] ntdll.dll!NtCreateFile 76EC4224 5 Bytes JMP 00040000
    .text C:\Windows\system32\wuauclt.exe[4852] ntdll.dll!NtCreateProcess 76EC42E4 5 Bytes JMP 0004001B
    .text C:\Windows\system32\wuauclt.exe[4852] ntdll.dll!NtProtectVirtualMemory 76EC4B84 5 Bytes JMP 00040FE5
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!GetStartupInfoW 765A1929 5 Bytes JMP 0007005E
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!GetStartupInfoA 765A19C9 5 Bytes JMP 00070043
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreateProcessW 765A1BF3 5 Bytes JMP 00070EC7
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreateProcessA 765A1C28 5 Bytes JMP 00070EE2
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!VirtualProtect 765A1DC3 5 Bytes JMP 00070F3A
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreateNamedPipeA 765A2EF5 5 Bytes JMP 00070FDE
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreateNamedPipeW 765A5C0C 5 Bytes JMP 00070FB9
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreatePipe 765C8F06 5 Bytes JMP 00070F18
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!LoadLibraryExW 765C927C 5 Bytes JMP 00070F61
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!LoadLibraryW 765C9400 5 Bytes JMP 00070F8D
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!LoadLibraryExA 765C9554 5 Bytes JMP 00070F72
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!LoadLibraryA 765C957C 5 Bytes JMP 00070F9E
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!VirtualProtectEx 765CDC52 5 Bytes JMP 00070F29
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!GetProcAddress 765E925B 5 Bytes JMP 00070EB6
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreateFileW 765EB0EB 5 Bytes JMP 00070014
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!CreateFileA 765ED07F 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\wuauclt.exe[4852] kernel32.dll!WinExec 766360CF 5 Bytes JMP 00070EF3
    .text C:\Windows\system32\wuauclt.exe[4852] msvcrt.dll!_wsystem 766D7F2F 5 Bytes JMP 00090F95
    .text C:\Windows\system32\wuauclt.exe[4852] msvcrt.dll!system 766D804B 5 Bytes JMP 00090FA6
    .text C:\Windows\system32\wuauclt.exe[4852] msvcrt.dll!_creat 766DBBE1 5 Bytes JMP 00090FC1
    .text C:\Windows\system32\wuauclt.exe[4852] msvcrt.dll!_open 766DD106 5 Bytes JMP 00090FE3
    .text C:\Windows\system32\wuauclt.exe[4852] msvcrt.dll!_wcreat 766DD326 5 Bytes JMP 00090016
    .text C:\Windows\system32\wuauclt.exe[4852] msvcrt.dll!_wopen 766DD501 5 Bytes JMP 00090FD2
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegCreateKeyExA 760939AB 5 Bytes JMP 000A006F
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegCreateKeyA 76093BA9 5 Bytes JMP 000A0040
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegOpenKeyA 760989C7 5 Bytes JMP 000A000A
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegCreateKeyW 760A391E 5 Bytes JMP 000A0FC3
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegCreateKeyExW 760A41F1 5 Bytes JMP 000A0080
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegOpenKeyExA 760A7C42 5 Bytes JMP 000A0FE5
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegOpenKeyW 760AE2B5 5 Bytes JMP 000A001B
    .text C:\Windows\system32\wuauclt.exe[4852] ADVAPI32.dll!RegOpenKeyExW 760B7BA1 5 Bytes JMP 000A0FD4
    .text C:\Windows\system32\wuauclt.exe[4852] WININET.dll!InternetOpenA 7675D6A8 5 Bytes JMP 001E0FEF
    .text C:\Windows\system32\wuauclt.exe[4852] WININET.dll!InternetOpenW 7675DB21 5 Bytes JMP 001E0000
    .text C:\Windows\system32\wuauclt.exe[4852] WININET.dll!InternetOpenUrlA 7675F3BC 5 Bytes JMP 001E0FD4
    .text C:\Windows\system32\wuauclt.exe[4852] WININET.dll!InternetOpenUrlW 767A6DFF 5 Bytes JMP 001E0FC3

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73EBA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\system32\mfevtps.exe[2232] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0105A4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[2232] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0105A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp NEOFLTR_650_14951.SYS
    AttachedDevice \Driver\tdx \Device\Udp NEOFLTR_650_14951.SYS
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
     
  6. 2011/12/31
    mmc5311

    aswMBR

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-31 17:34:51
    -----------------------------
    17:34:51.303 OS Version: Windows 6.0.6002 Service Pack 2
    17:34:51.303 Number of processors: 2 586 0x170A
    17:34:51.304 ComputerName: HOME-PC UserName: Megan
    17:34:53.637 Initialize success
    17:35:25.039 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:35:25.052 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
    17:35:25.101 Disk 0 MBR read successfully
    17:35:25.104 Disk 0 MBR scan
    17:35:25.106 Disk 0 TDL4@MBR code has been found
    17:35:25.110 Disk 0 Windows VISTA default MBR code found via API
    17:35:25.113 Disk 0 MBR hidden
    17:35:25.116 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    17:35:25.135 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
    17:35:25.163 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 135026 MB offset 30801920
    17:35:25.167 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 307337216
    17:35:25.293 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 307339264
    17:35:25.309 Disk 0 MBR [TDL4] **ROOTKIT**
    17:35:25.315 Disk 0 trace - called modules:
    17:35:25.667 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873b349f]<<
    17:35:25.673 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863fc8e0]
    17:35:25.680 3 CLASSPNP.SYS[8a7a98b3] -> nt!IofCallDriver -> [0x870c9410]
    17:35:25.687 \Driver\iaStor[0x870e0ed0] -> IRP_MJ_CREATE -> 0x873b349f
    17:35:25.694 Scan finished successfully
    17:35:48.398 Disk 0 MBR has been saved successfully to "C:\Users\Megan\Desktop\MBR.dat "
    17:35:48.459 The log file has been saved successfully to "C:\Users\Megan\Desktop\aswMBR.txt "


    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
    Run by Megan at 17:47:12 on 2011-12-31
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1638 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=14196
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111223141502.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
    TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{8A6FFCE8-4AD7-4B1E-9B0B-FD5D1F417F07} : DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{8F3649C0-74D0-4822-9508-5850A8667A9B} : DhcpNameServer = 75.75.76.76 75.75.75.75
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\megan\appdata\roaming\mozilla\firefox\profiles\f9sgyw1b.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464176]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-11-24 64880]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-11-24 165680]
    R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [2011-11-18 85288]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-1-18 73728]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-12-14 748440]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-24 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-24 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-11-24 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-11-24 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-24 150856]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-19 111616]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-11-24 180816]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-11-24 338176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-5 135664]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-24 57600]
    S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-7-20 45344]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-5 135664]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-11-24 59456]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-11-24 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-19 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-19 40552]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-31 20:58:39 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a77e6761-e1c3-47ec-ad6b-2b3719fb5dce}\offreg.dll
    2011-12-31 18:44:43 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a77e6761-e1c3-47ec-ad6b-2b3719fb5dce}\mpengine.dll
    2011-12-31 05:14:47 -------- d--h--w- c:\users\megan\appdata\local\MicrosoftNT
    2011-12-19 03:40:10 -------- d-----w- c:\program files\Application Updater
    2011-12-19 03:40:09 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2011-12-19 03:40:09 -------- d-----w- c:\program files\common files\Spigot
    2011-12-17 02:11:47 0 ---ha-w- c:\users\megan\appdata\local\BITAC64.tmp
    2011-12-15 22:09:05 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 22:09:04 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 22:08:57 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 22:08:55 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 22:08:52 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-15 22:07:20 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 22:06:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 22:02:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ==================== Find3M ====================
    .
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-10-18 19:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 18:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 18:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    .
    ============= FINISH: 17:49:09.35 ===============
     
  7. 2011/12/31
    mmc5311

    mmc5311 Inactive Thread Starter


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/18/2009 7:04:08 PM
    System Uptime: 12/31/2011 3:58:12 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 132 GiB total, 77.476 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.138 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP782: 12/28/2011 8:51:40 AM - Windows Update
    RP783: 12/29/2011 12:13:37 PM - Windows Update
    RP784: 12/30/2011 12:24:01 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.0)
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Amazon Kindle
    Apple Application Support
    Apple Software Update
    Banctec Service Agreement
    Browser Address Error Redirector
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Comcast High-Speed Internet Install Wizard
    Conexant HDA D330 MDC V.92 Modem
    Coupon Printer for Windows
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Remote Access
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card
    DELL0604
    Digital Line Detect
    DivX Setup
    DXG-572V
    EarthLink Setup Files
    EDocs
    Google Chrome
    Google Desktop
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photo Creations
    HP Update
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 26
    Java(TM) 6 Update 7
    Juniper Networks Cache Cleaner 6.5.0
    Juniper Networks Host Checker
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Malwarebytes Anti-Malware version 1.60.0.1800
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Access 2010
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access 2010
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Diagnostic Tool
    Mozilla Firefox 8.0 (x86 en-US)
    MSVCRT
    MSVCRT Redists
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NOOKstudy
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    PDF Settings
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Spybot - Search & Destroy
    The KMPlayer (remove only)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    WildTangent Games
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    YouTube Downloader 3.4
    YouTube Downloader Toolbar v4.9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2011 5:48:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    12/31/2011 5:48:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    12/31/2011 5:45:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/31/2011 5:45:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    12/31/2011 4:00:23 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/31/2011 4:00:23 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
    12/31/2011 4:00:23 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
    12/31/2011 3:15:22 PM, Error: EventLog [6008] - The previous system shutdown at 3:14:05 PM on 12/31/2011 was unexpected.
    12/31/2011 12:42:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    12/31/2011 12:34:42 AM, Error: EventLog [6008] - The previous system shutdown at 12:33:00 AM on 12/31/2011 was unexpected.
    12/31/2011 12:25:51 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/31/2011 12:14:47 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/31/2011 1:57:15 PM, Error: EventLog [6008] - The previous system shutdown at 1:55:28 PM on 12/31/2011 was unexpected.
    12/28/2011 5:26:50 PM, Error: Microsoft Antimalware [3002] -
    12/28/2011 3:28:28 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    12/25/2011 12:08:29 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    That's everything :)
    - mmc5311
     
  8. 2011/12/31
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. 2012/01/01
    mmc5311

    mmc5311 Inactive Thread Starter

    08:45:33.0908 3568 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    08:45:34.0265 3568 ============================================================
    08:45:34.0265 3568 Current date / time: 2012/01/01 08:45:34.0265
    08:45:34.0265 3568 SystemInfo:
    08:45:34.0265 3568
    08:45:34.0266 3568 OS Version: 6.0.6002 ServicePack: 2.0
    08:45:34.0266 3568 Product type: Workstation
    08:45:34.0266 3568 ComputerName: HOME-PC
    08:45:34.0266 3568 UserName: Megan
    08:45:34.0266 3568 Windows directory: C:\Windows
    08:45:34.0266 3568 System windows directory: C:\Windows
    08:45:34.0266 3568 Processor architecture: Intel x86
    08:45:34.0266 3568 Number of processors: 2
    08:45:34.0266 3568 Page size: 0x1000
    08:45:34.0266 3568 Boot type: Normal boot
    08:45:34.0266 3568 ============================================================
    08:45:35.0543 3568 Initialize success
    08:46:18.0703 2580 ============================================================
    08:46:18.0703 2580 Scan started
    08:46:18.0703 2580 Mode: Manual;
    08:46:18.0703 2580 ============================================================
    08:46:22.0306 2580 85a47440 (173d080782c26090b94cc09854c8a383) C:\Windows\TEMP\5D5E.tmp
    08:46:22.0333 2580 85a47440 - ok
    08:46:22.0781 2580 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    08:46:22.0786 2580 ACPI - ok
    08:46:23.0000 2580 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    08:46:23.0019 2580 adp94xx - ok
    08:46:23.0073 2580 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    08:46:23.0079 2580 adpahci - ok
    08:46:23.0438 2580 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    08:46:23.0454 2580 adpu160m - ok
    08:46:23.0601 2580 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    08:46:23.0605 2580 adpu320 - ok
    08:46:24.0078 2580 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    08:46:24.0105 2580 AFD - ok
    08:46:24.0494 2580 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    08:46:24.0496 2580 agp440 - ok
    08:46:24.0798 2580 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    08:46:24.0801 2580 aic78xx - ok
    08:46:24.0848 2580 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    08:46:24.0850 2580 aliide - ok
    08:46:24.0925 2580 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    08:46:24.0972 2580 amdagp - ok
    08:46:25.0293 2580 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    08:46:25.0317 2580 amdide - ok
    08:46:25.0460 2580 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    08:46:25.0477 2580 AmdK7 - ok
    08:46:25.0534 2580 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    08:46:25.0537 2580 AmdK8 - ok
    08:46:25.0969 2580 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    08:46:25.0996 2580 ApfiltrService - ok
    08:46:26.0529 2580 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    08:46:26.0552 2580 arc - ok
    08:46:27.0058 2580 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    08:46:27.0060 2580 arcsas - ok
    08:46:27.0136 2580 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    08:46:27.0148 2580 AsyncMac - ok
    08:46:27.0300 2580 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    08:46:27.0301 2580 atapi - ok
    08:46:27.0424 2580 BCM42RLY - ok
    08:46:27.0744 2580 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
    08:46:28.0133 2580 BCM43XX - ok
    08:46:28.0798 2580 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    08:46:28.0800 2580 Beep - ok
    08:46:29.0544 2580 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    08:46:29.0562 2580 blbdrive - ok
    08:46:30.0243 2580 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    08:46:30.0255 2580 bowser - ok
    08:46:30.0622 2580 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    08:46:30.0623 2580 BrFiltLo - ok
    08:46:30.0766 2580 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    08:46:30.0801 2580 BrFiltUp - ok
    08:46:31.0497 2580 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    08:46:31.0500 2580 Brserid - ok
    08:46:31.0776 2580 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    08:46:31.0787 2580 BrSerWdm - ok
    08:46:32.0399 2580 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    08:46:32.0400 2580 BrUsbMdm - ok
    08:46:32.0583 2580 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    08:46:32.0588 2580 BrUsbSer - ok
    08:46:32.0831 2580 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    08:46:32.0833 2580 BTHMODEM - ok
    08:46:32.0958 2580 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    08:46:32.0961 2580 cdfs - ok
    08:46:33.0735 2580 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    08:46:33.0738 2580 cdrom - ok
    08:46:33.0928 2580 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
    08:46:33.0930 2580 cfwids - ok
    08:46:34.0032 2580 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    08:46:34.0034 2580 circlass - ok
    08:46:34.0240 2580 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    08:46:34.0246 2580 CLFS - ok
    08:46:35.0267 2580 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    08:46:35.0284 2580 CmBatt - ok
    08:46:36.0215 2580 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    08:46:36.0217 2580 cmdide - ok
    08:46:37.0102 2580 CoachUsb (577e2d85e908e5eb9311b54e8b56447b) C:\Windows\system32\DRIVERS\CoachUsb.sys
    08:46:37.0130 2580 CoachUsb - ok
    08:46:37.0899 2580 CoachVid (f084c7b8e08d761040b708e65468ec2e) C:\Windows\system32\DRIVERS\CoachVid.sys
    08:46:37.0916 2580 CoachVid - ok
    08:46:38.0278 2580 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    08:46:38.0298 2580 Compbatt - ok
    08:46:39.0012 2580 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    08:46:39.0033 2580 crcdisk - ok
    08:46:39.0386 2580 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    08:46:39.0401 2580 Crusoe - ok
    08:46:40.0467 2580 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    08:46:40.0492 2580 DfsC - ok
    08:46:40.0962 2580 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    08:46:40.0964 2580 disk - ok
    08:46:41.0302 2580 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    08:46:41.0336 2580 drmkaud - ok
    08:46:42.0319 2580 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    08:46:42.0332 2580 DXGKrnl - ok
    08:46:42.0986 2580 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    08:46:43.0385 2580 e1express - ok
    08:46:43.0580 2580 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    08:46:43.0586 2580 E1G60 - ok
    08:46:43.0761 2580 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    08:46:43.0765 2580 Ecache - ok
    08:46:44.0096 2580 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    08:46:44.0159 2580 elxstor - ok
    08:46:45.0528 2580 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    08:46:45.0688 2580 ErrDev - ok
    08:46:46.0172 2580 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    08:46:46.0199 2580 exfat - ok
    08:46:46.0318 2580 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    08:46:46.0333 2580 fastfat - ok
    08:46:47.0079 2580 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    08:46:47.0083 2580 fdc - ok
    08:46:47.0479 2580 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    08:46:47.0492 2580 FileInfo - ok
    08:46:47.0651 2580 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    08:46:47.0667 2580 Filetrace - ok
    08:46:47.0756 2580 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    08:46:47.0775 2580 flpydisk - ok
    08:46:47.0987 2580 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    08:46:48.0003 2580 FltMgr - ok
    08:46:48.0867 2580 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    08:46:48.0883 2580 Fs_Rec - ok
    08:46:49.0178 2580 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    08:46:49.0185 2580 gagp30kx - ok
    08:46:50.0201 2580 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    08:46:50.0216 2580 HDAudBus - ok
    08:46:50.0775 2580 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    08:46:50.0787 2580 HidBth - ok
    08:46:50.0963 2580 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    08:46:50.0976 2580 HidIr - ok
    08:46:51.0296 2580 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    08:46:51.0315 2580 HidUsb - ok
    08:46:51.0712 2580 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    08:46:51.0746 2580 HpCISSs - ok
    08:46:52.0010 2580 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    08:46:52.0027 2580 HSF_DPV - ok
    08:46:52.0668 2580 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    08:46:52.0687 2580 HSXHWAZL - ok
    08:46:53.0029 2580 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    08:46:53.0037 2580 HTTP - ok
    08:46:53.0432 2580 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    08:46:53.0434 2580 i2omp - ok
    08:46:53.0670 2580 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    08:46:53.0682 2580 i8042prt - ok
    08:46:53.0773 2580 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
    08:46:53.0775 2580 iaStor - ok
    08:46:54.0191 2580 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    08:46:54.0230 2580 iaStorV - ok
    08:46:54.0897 2580 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
    08:46:54.0951 2580 igfx - ok
    08:46:55.0252 2580 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    08:46:55.0253 2580 iirsp - ok
    08:46:56.0051 2580 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
    08:46:56.0064 2580 IntcHdmiAddService - ok
    08:46:56.0123 2580 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
    08:46:56.0143 2580 intelide - ok
    08:46:56.0385 2580 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    08:46:56.0386 2580 intelppm - ok
    08:46:56.0758 2580 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    08:46:56.0760 2580 IpFilterDriver - ok
    08:46:56.0862 2580 IpInIp - ok
    08:46:57.0222 2580 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    08:46:57.0226 2580 IPMIDRV - ok
    08:46:57.0379 2580 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    08:46:57.0398 2580 IPNAT - ok
    08:46:58.0108 2580 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    08:46:58.0111 2580 IRENUM - ok
    08:46:58.0336 2580 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    08:46:58.0338 2580 isapnp - ok
    08:46:58.0624 2580 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    08:46:58.0627 2580 iScsiPrt - ok
    08:46:58.0992 2580 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    08:46:59.0188 2580 iteatapi - ok
    08:46:59.0642 2580 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    08:46:59.0644 2580 iteraid - ok
    08:47:00.0059 2580 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    08:47:00.0061 2580 kbdclass - ok
    08:47:00.0325 2580 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    08:47:00.0357 2580 kbdhid - ok
    08:47:00.0776 2580 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    08:47:00.0805 2580 KSecDD - ok
    08:47:01.0261 2580 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    08:47:01.0273 2580 lltdio - ok
    08:47:01.0521 2580 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    08:47:01.0541 2580 LSI_FC - ok
    08:47:01.0748 2580 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    08:47:01.0751 2580 LSI_SAS - ok
    08:47:01.0791 2580 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    08:47:01.0797 2580 LSI_SCSI - ok
    08:47:02.0126 2580 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    08:47:02.0150 2580 luafv - ok
    08:47:02.0508 2580 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    08:47:02.0529 2580 mdmxsdk - ok
    08:47:02.0611 2580 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    08:47:02.0613 2580 megasas - ok
    08:47:03.0035 2580 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    08:47:03.0057 2580 MegaSR - ok
    08:47:03.0368 2580 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
    08:47:03.0370 2580 mfeapfk - ok
    08:47:03.0463 2580 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
    08:47:03.0465 2580 mfeavfk - ok
    08:47:03.0606 2580 mfeavfk01 - ok
    08:47:03.0796 2580 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
    08:47:03.0809 2580 mfebopk - ok
    08:47:04.0189 2580 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
    08:47:04.0211 2580 mfefirek - ok
    08:47:04.0365 2580 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
    08:47:04.0400 2580 mfehidk - ok
    08:47:04.0488 2580 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
    08:47:04.0489 2580 mfenlfk - ok
    08:47:05.0207 2580 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
    08:47:05.0210 2580 mferkdet - ok
    08:47:05.0358 2580 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
    08:47:05.0543 2580 mferkdk - ok
    08:47:05.0857 2580 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
    08:47:05.0887 2580 mfesmfk - ok
    08:47:06.0416 2580 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
    08:47:06.0419 2580 mfewfpk - ok
    08:47:06.0943 2580 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    08:47:06.0944 2580 Modem - ok
    08:47:07.0399 2580 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    08:47:07.0400 2580 monitor - ok
    08:47:07.0691 2580 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    08:47:07.0693 2580 mouclass - ok
    08:47:07.0806 2580 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    08:47:07.0808 2580 mouhid - ok
    08:47:07.0983 2580 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    08:47:08.0013 2580 MountMgr - ok
    08:47:08.0077 2580 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    08:47:08.0081 2580 mpio - ok
    08:47:08.0496 2580 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    08:47:08.0499 2580 mpsdrv - ok
    08:47:08.0620 2580 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    08:47:08.0622 2580 Mraid35x - ok
    08:47:09.0155 2580 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    08:47:09.0159 2580 MRxDAV - ok
    08:47:09.0500 2580 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    08:47:09.0503 2580 mrxsmb - ok
    08:47:09.0816 2580 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    08:47:09.0821 2580 mrxsmb10 - ok
    08:47:10.0213 2580 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    08:47:10.0215 2580 mrxsmb20 - ok
    08:47:10.0676 2580 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    08:47:10.0703 2580 msahci - ok
    08:47:10.0825 2580 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    08:47:10.0827 2580 msdsm - ok
    08:47:11.0010 2580 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    08:47:11.0038 2580 Msfs - ok
    08:47:11.0230 2580 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    08:47:11.0318 2580 msisadrv - ok
    08:47:11.0486 2580 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    08:47:11.0503 2580 MSKSSRV - ok
    08:47:12.0197 2580 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    08:47:12.0198 2580 MSPCLOCK - ok
    08:47:12.0703 2580 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    08:47:12.0705 2580 MSPQM - ok
    08:47:13.0138 2580 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    08:47:13.0162 2580 MsRPC - ok
    08:47:13.0407 2580 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    08:47:13.0408 2580 mssmbios - ok
    08:47:13.0517 2580 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    08:47:13.0521 2580 MSTEE - ok
    08:47:13.0687 2580 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    08:47:13.0689 2580 Mup - ok
    08:47:13.0849 2580 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    08:47:13.0853 2580 NativeWifiP - ok
    08:47:14.0181 2580 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    08:47:14.0189 2580 NDIS - ok
    08:47:14.0360 2580 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    08:47:14.0362 2580 NdisTapi - ok
    08:47:14.0437 2580 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    08:47:14.0438 2580 Ndisuio - ok
    08:47:14.0569 2580 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    08:47:14.0580 2580 NdisWan - ok
    08:47:14.0825 2580 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    08:47:14.0851 2580 NDProxy - ok
    08:47:14.0997 2580 NEOFLTR_650_14951 (0fc1898e1ebd9b22272243d4ea4168d1) C:\Windows\system32\Drivers\NEOFLTR_650_14951.SYS
    08:47:14.0999 2580 NEOFLTR_650_14951 - ok
    08:47:15.0473 2580 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    08:47:15.0475 2580 NetBIOS - ok
    08:47:16.0134 2580 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    08:47:16.0216 2580 netbt - ok
    08:47:16.0530 2580 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    08:47:16.0571 2580 nfrd960 - ok
    08:47:16.0774 2580 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    08:47:16.0776 2580 Npfs - ok
    08:47:17.0177 2580 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    08:47:17.0178 2580 nsiproxy - ok
    08:47:18.0423 2580 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    08:47:18.0500 2580 Ntfs - ok
    08:47:19.0173 2580 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    08:47:19.0202 2580 ntrigdigi - ok
    08:47:19.0505 2580 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    08:47:19.0507 2580 Null - ok
    08:47:19.0647 2580 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    08:47:19.0679 2580 nvraid - ok
    08:47:19.0762 2580 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    08:47:19.0764 2580 nvstor - ok
    08:47:19.0820 2580 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    08:47:19.0824 2580 nv_agp - ok
    08:47:20.0193 2580 NwlnkFlt - ok
    08:47:20.0275 2580 NwlnkFwd - ok
    08:47:20.0446 2580 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    08:47:20.0447 2580 ohci1394 - ok
    08:47:21.0486 2580 Packet (9d80e0be979c3edaf2863f23b88f4de6) C:\Windows\system32\DRIVERS\packet.sys
    08:47:21.0518 2580 Packet - ok
    08:47:22.0059 2580 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    08:47:22.0092 2580 Parport - ok
    08:47:22.0303 2580 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    08:47:22.0326 2580 partmgr - ok
    08:47:22.0537 2580 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    08:47:22.0539 2580 Parvdm - ok
    08:47:22.0935 2580 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    08:47:22.0956 2580 pci - ok
    08:47:23.0376 2580 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    08:47:23.0377 2580 pciide - ok
    08:47:23.0698 2580 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    08:47:23.0701 2580 pcmcia - ok
    08:47:24.0214 2580 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    08:47:24.0259 2580 PEAUTH - ok
    08:47:24.0492 2580 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    08:47:24.0494 2580 PptpMiniport - ok
    08:47:24.0531 2580 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    08:47:24.0559 2580 Processor - ok
    08:47:24.0789 2580 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    08:47:24.0791 2580 PSched - ok
    08:47:24.0935 2580 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
    08:47:24.0937 2580 PxHelp20 - ok
    08:47:25.0424 2580 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    08:47:25.0465 2580 ql2300 - ok
    08:47:25.0726 2580 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    08:47:25.0745 2580 ql40xx - ok
    08:47:26.0086 2580 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    08:47:26.0088 2580 QWAVEdrv - ok
    08:47:26.0317 2580 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    08:47:26.0450 2580 R300 - ok
    08:47:26.0750 2580 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    08:47:26.0770 2580 RasAcd - ok
    08:47:26.0930 2580 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    08:47:26.0948 2580 Rasl2tp - ok
    08:47:27.0033 2580 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    08:47:27.0053 2580 RasPppoe - ok
    08:47:27.0550 2580 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    08:47:27.0552 2580 RasSstp - ok
    08:47:27.0755 2580 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    08:47:27.0781 2580 rdbss - ok
    08:47:28.0027 2580 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    08:47:28.0056 2580 RDPCDD - ok
    08:47:28.0379 2580 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    08:47:28.0384 2580 rdpdr - ok
    08:47:28.0616 2580 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    08:47:28.0617 2580 RDPENCDD - ok
    08:47:28.0675 2580 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    08:47:28.0679 2580 RDPWD - ok
    08:47:28.0906 2580 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    08:47:28.0935 2580 rimmptsk - ok
    08:47:28.0998 2580 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    08:47:29.0000 2580 rimsptsk - ok
    08:47:29.0052 2580 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    08:47:29.0054 2580 rismxdp - ok
    08:47:29.0131 2580 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    08:47:29.0133 2580 rspndr - ok
    08:47:29.0291 2580 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    08:47:29.0294 2580 sbp2port - ok
    08:47:29.0388 2580 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    08:47:29.0391 2580 sdbus - ok
    08:47:29.0773 2580 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    08:47:29.0792 2580 secdrv - ok
    08:47:30.0049 2580 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    08:47:30.0051 2580 Serenum - ok
    08:47:30.0088 2580 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    08:47:30.0091 2580 Serial - ok
    08:47:30.0362 2580 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    08:47:30.0364 2580 sermouse - ok
    08:47:30.0403 2580 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    08:47:30.0404 2580 sffdisk - ok
    08:47:30.0712 2580 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    08:47:30.0713 2580 sffp_mmc - ok
    08:47:30.0911 2580 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    08:47:30.0913 2580 sffp_sd - ok
    08:47:31.0195 2580 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    08:47:31.0196 2580 sfloppy - ok
    08:47:31.0405 2580 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    08:47:31.0438 2580 sisagp - ok
    08:47:31.0757 2580 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    08:47:31.0759 2580 SiSRaid2 - ok
    08:47:32.0059 2580 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    08:47:32.0084 2580 SiSRaid4 - ok
    08:47:32.0228 2580 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    08:47:32.0263 2580 Smb - ok
    08:47:32.0498 2580 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    08:47:32.0536 2580 spldr - ok
    08:47:32.0711 2580 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    08:47:32.0718 2580 srv - ok
    08:47:32.0924 2580 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    08:47:32.0930 2580 srv2 - ok
    08:47:32.0985 2580 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    08:47:33.0059 2580 srvnet - ok
    08:47:34.0050 2580 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
    08:47:34.0057 2580 STHDA - ok
    08:47:34.0783 2580 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    08:47:34.0803 2580 StillCam - ok
    08:47:35.0129 2580 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    08:47:35.0131 2580 swenum - ok
    08:47:35.0676 2580 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    08:47:35.0710 2580 Symc8xx - ok
    08:47:35.0884 2580 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    08:47:35.0886 2580 Sym_hi - ok
    08:47:35.0949 2580 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    08:47:35.0974 2580 Sym_u3 - ok
    08:47:36.0166 2580 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
    08:47:36.0180 2580 Tcpip - ok
    08:47:37.0476 2580 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
    08:47:37.0484 2580 Tcpip6 - ok
    08:47:37.0959 2580 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
    08:47:37.0983 2580 tcpipreg - ok
    08:47:38.0079 2580 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    08:47:38.0081 2580 TDPIPE - ok
    08:47:38.0127 2580 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    08:47:38.0128 2580 TDTCP - ok
    08:47:38.0351 2580 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    08:47:38.0371 2580 tdx - ok
    08:47:38.0678 2580 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    08:47:38.0680 2580 TermDD - ok
    08:47:38.0939 2580 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    08:47:38.0942 2580 tssecsrv - ok
    08:47:39.0659 2580 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    08:47:39.0679 2580 tunmp - ok
    08:47:39.0978 2580 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    08:47:39.0981 2580 tunnel - ok
    08:47:40.0318 2580 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    08:47:40.0321 2580 uagp35 - ok
    08:47:40.0441 2580 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    08:47:40.0472 2580 udfs - ok
    08:47:40.0643 2580 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    08:47:40.0645 2580 uliagpkx - ok
    08:47:40.0737 2580 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    08:47:40.0742 2580 uliahci - ok
    08:47:41.0256 2580 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    08:47:41.0258 2580 UlSata - ok
    08:47:41.0396 2580 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    08:47:41.0415 2580 ulsata2 - ok
    08:47:41.0483 2580 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    08:47:41.0485 2580 umbus - ok
    08:47:41.0591 2580 USBAAPL - ok
    08:47:41.0701 2580 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    08:47:41.0704 2580 usbccgp - ok
    08:47:41.0768 2580 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    08:47:41.0771 2580 usbcir - ok
    08:47:42.0599 2580 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    08:47:42.0624 2580 usbehci - ok
    08:47:43.0220 2580 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    08:47:43.0225 2580 usbhub - ok
    08:47:43.0486 2580 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    08:47:43.0496 2580 usbohci - ok
    08:47:44.0165 2580 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    08:47:44.0168 2580 usbprint - ok
    08:47:44.0431 2580 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    08:47:44.0458 2580 USBSTOR - ok
    08:47:45.0550 2580 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    08:47:45.0568 2580 usbuhci - ok
    08:47:45.0797 2580 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    08:47:45.0816 2580 vga - ok
    08:47:46.0501 2580 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    08:47:46.0523 2580 VgaSave - ok
    08:47:46.0718 2580 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    08:47:46.0720 2580 viaagp - ok
    08:47:46.0861 2580 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    08:47:46.0864 2580 ViaC7 - ok
    08:47:47.0532 2580 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    08:47:47.0535 2580 viaide - ok
    08:47:47.0997 2580 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    08:47:48.0000 2580 volmgr - ok
    08:47:48.0404 2580 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    08:47:48.0527 2580 volmgrx - ok
    08:47:48.0884 2580 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    08:47:48.0893 2580 volsnap - ok
    08:47:49.0072 2580 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    08:47:49.0076 2580 vsmraid - ok
    08:47:49.0739 2580 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    08:47:49.0757 2580 WacomPen - ok
    08:47:49.0878 2580 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    08:47:49.0896 2580 Wanarp - ok
    08:47:49.0901 2580 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    08:47:49.0903 2580 Wanarpv6 - ok
    08:47:49.0971 2580 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    08:47:49.0974 2580 Wd - ok
    08:47:50.0053 2580 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    08:47:50.0063 2580 Wdf01000 - ok
    08:47:50.0437 2580 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    08:47:50.0572 2580 winachsf - ok
    08:47:51.0048 2580 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    08:47:51.0049 2580 WmiAcpi - ok
    08:47:51.0183 2580 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    08:47:51.0185 2580 WpdUsb - ok
    08:47:51.0376 2580 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    08:47:51.0378 2580 ws2ifsl - ok
    08:47:51.0600 2580 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    08:47:51.0603 2580 WUDFRd - ok
    08:47:51.0800 2580 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    08:47:51.0802 2580 XAudio - ok
    08:47:51.0919 2580 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
    08:47:51.0925 2580 yukonwlh - ok
    08:47:51.0956 2580 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
    08:47:51.0992 2580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    08:47:51.0992 2580 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    08:47:52.0057 2580 Boot (0x1200) (ebd700f048a762508f4fe9313d8e572f) \Device\Harddisk0\DR0\Partition0
    08:47:52.0060 2580 \Device\Harddisk0\DR0\Partition0 - ok
    08:47:52.0085 2580 Boot (0x1200) (e8f08679977b6a68e4f6f3c553734bd6) \Device\Harddisk0\DR0\Partition1
    08:47:52.0086 2580 \Device\Harddisk0\DR0\Partition1 - ok
    08:47:52.0087 2580 ============================================================
    08:47:52.0087 2580 Scan finished
    08:47:52.0087 2580 ============================================================
    08:47:52.0104 4876 Detected object count: 1
    08:47:52.0104 4876 Actual detected object count: 1
    08:48:17.0312 4876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:48:17.0313 4876 \Device\Harddisk0\DR0 - ok
    08:48:17.0315 4876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    08:49:14.0444 0900 Deinitialize success
     
  10. 2012/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Post fresh aswMBR log.

    Then...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2012/01/01
    mmc5311

    mmc5311 Inactive Thread Starter

    Joined:
    2011/07/05
    Messages:
    39
    Likes Received:
    0
    aswMBR

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-01 12:10:31
    -----------------------------
    12:10:31.738 OS Version: Windows 6.0.6002 Service Pack 2
    12:10:31.738 Number of processors: 2 586 0x170A
    12:10:31.739 ComputerName: HOME-PC UserName: Megan
    12:10:49.156 Initialize success
    12:11:12.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    12:11:12.605 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
    12:11:12.642 Disk 0 MBR read successfully
    12:11:12.644 Disk 0 MBR scan
    12:11:12.646 Disk 0 Windows VISTA default MBR code
    12:11:12.649 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    12:11:12.656 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
    12:11:12.673 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 135026 MB offset 30801920
    12:11:12.676 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 307337216
    12:11:12.714 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 307339264
    12:11:12.719 Disk 0 scanning sectors +312578048
    12:11:12.973 Disk 0 scanning C:\Windows\system32\drivers
    12:11:35.959 Service scanning
    12:11:37.722 Modules scanning
    12:12:06.837 Disk 0 trace - called modules:
    12:12:06.870 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    12:12:06.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f56d8]
    12:12:06.880 3 CLASSPNP.SYS[8a7a38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85506030]
    12:12:06.884 Scan finished successfully
    12:14:07.239 Disk 0 MBR has been saved successfully to "C:\Users\Megan\Desktop\MBR.dat"
    12:14:07.249 The log file has been saved successfully to "C:\Users\Megan\Desktop\aswMBR(1).txt"


    Combofix log

    ComboFix 11-12-31.03 - Megan 01/01/2012 12:35:31.3.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1362 [GMT -5:00]
    Running from: c:\users\Megan\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Megan\videos\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-01 17:43 . 2012-01-01 17:43 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-01-01 17:43 . 2012-01-01 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-01 13:51 . 2012-01-01 13:51 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A77E6761-E1C3-47EC-AD6B-2B3719FB5DCE}\offreg.dll
    2011-12-31 18:44 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A77E6761-E1C3-47EC-AD6B-2B3719FB5DCE}\mpengine.dll
    2011-12-31 05:14 . 2011-12-31 19:14 -------- d--h--w- c:\users\Megan\AppData\Local\MicrosoftNT
    2011-12-19 03:40 . 2011-12-19 03:40 -------- d-----w- c:\program files\Application Updater
    2011-12-19 03:40 . 2011-12-19 03:40 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2011-12-19 03:40 . 2011-12-19 03:40 -------- d-----w- c:\program files\Common Files\Spigot
    2011-12-17 02:11 . 2011-12-17 02:11 0 ---ha-w- c:\users\Megan\AppData\Local\BITAC64.tmp
    2011-12-15 22:09 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 22:09 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 22:08 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 22:08 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 22:08 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-15 22:07 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 22:06 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 22:02 . 2011-11-03 04:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 20:24 . 2011-06-02 17:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 19:29 . 2009-11-18 20:06 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-18 19:32 . 2011-11-24 15:28 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-15 18:16 . 2011-11-24 15:28 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 18:16 . 2011-11-24 15:28 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 18:16 . 2011-11-24 15:28 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-10-15 18:16 . 2011-11-24 15:28 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 18:16 . 2011-11-24 15:28 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 18:16 . 2011-11-24 15:28 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 18:16 . 2011-11-24 15:28 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 18:16 . 2011-11-24 15:28 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-10-15 18:16 . 2011-03-13 16:20 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 18:16 . 2011-03-13 16:20 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-11-10 03:45 . 2011-07-05 16:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-14 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
    .
    c:\users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\users\Megan\AppData\Local\Temp\DellDock.exe [N/A]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\users\Megan\AppData\Local\Temp\ONENOTEM.EXE [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-19 53248]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-19 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-01-19 06:40 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 135664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
    R3 CoachVid;CoachVid;c:\windows\system32\DRIVERS\CoachVid.sys [2007-04-02 45344]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-14 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 135664]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
    S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [2009-12-09 85288]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-18 150856]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 22:32]
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 22:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=14196
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\f9sgyw1b.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-01 12:44
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\85a47440]
    "imagepath"="\??\c:\windows\TEMP\5D5E.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-01-01 12:46:34
    ComboFix-quarantined-files.txt 2012-01-01 17:46
    .
    Pre-Run: 83,779,584,000 bytes free
    Post-Run: 88,579,350,528 bytes free
    .
    - - End Of File - - FBA1736B2478DF8A1FE2F9CA21A83F8C
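    What the boot-sector lines in the logs above are checking, as an added example that is not part of the original post and not code from TDSSKiller or aswMBR: TDSSKiller's `MBR (0x1B8) (md5) \Device\Harddisk0\DR0` line hashes the boot code in sector 0 (the example assumes 0x1B8 is the byte count hashed, i.e. everything before the 4-byte disk signature at offset 0x1B8), and aswMBR's `Partition` lines are the four 16-byte entries of the partition table at offset 0x1BE. The Python below builds a 512-byte MBR whose partition table mirrors the layout aswMBR printed (types DE, 07, 07 active, 0F; the sector counts are constructed to reproduce the printed MB sizes), decodes it, hashes the boot code, and compares a saved copy such as aswMBR's MBR.dat against a second copy that keeps the same table but carries different boot code, which is the shape of change a bootkit makes. The boot-code bytes are placeholders, not real MBR code. Caveat: a live bootkit of this class filters disk reads at the driver level, so a userland read of sector 0 can come back looking clean; that is why these tools also walk the disk driver stack (the `Disk 0 trace - called modules` lines) rather than trusting the sector alone.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # bytes 0..0x1B7: boot code (assumed to be what "MBR (0x1B8)" hashes)
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries end at 0x1FE
PART_ENTRY_LEN = 16
SECTOR_BYTES = 512
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_BYTES // (1024 * 1024)

    def describe(self) -> str:
        # Mirrors aswMBR's "Partition N <status> <type> ... <size> MB offset <lba>" layout
        flag = "80 (A)" if self.bootable else "00"
        return f"Partition {self.index} {flag} {self.type_id:02X} {self.size_mb} MB offset {self.lba_start}"


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the partition table; raises if the sector is not a plausible MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype != 0:                       # type 0 means an unused slot
            parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the boot-code region, the value TDSSKiller prints beside 'MBR (0x1B8)'."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def compare_mbr(saved: bytes, current: bytes) -> Dict[str, bool]:
    """Compare a previously saved MBR (e.g. aswMBR's MBR.dat) with the sector read now."""
    return {
        "boot_code_changed": boot_code_md5(saved) != boot_code_md5(current),
        "disk_signature_changed": saved[DISK_SIG_OFF:DISK_SIG_OFF + 4] != current[DISK_SIG_OFF:DISK_SIG_OFF + 4],
        "partition_table_changed": saved[PART_TABLE_OFF:510] != current[PART_TABLE_OFF:510],
    }


def build_sample_mbr(boot_code: bytes, layout: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a constructed MBR: placeholder boot code + the given (status, type, lba, count) entries."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"     # constructed disk signature
    for i, entry in enumerate(layout):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN, *entry)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


# Constructed layout mirroring the aswMBR output above (sector counts chosen to reproduce the printed MB sizes).
SAMPLE_LAYOUT = [
    (0x00, 0xDE, 63, 81857),            # Dell Utility, 39 MB
    (0x00, 0x07, 81920, 30720000),      # NTFS, 15000 MB
    (0x80, 0x07, 30801920, 276533248),  # NTFS, active, 135026 MB
    (0x00, 0x0F, 307337216, 5240832),   # Extended LBA, 2559 MB
]
# Placeholder boot code (not real MBR code); the tampered copy keeps the table and changes only the code.
CLEAN_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 20, SAMPLE_LAYOUT)
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x00" * 25, SAMPLE_LAYOUT)

if __name__ == "__main__":
    for p in parse_partitions(CLEAN_MBR):
        print(p.describe())
    print("boot code md5:", boot_code_md5(CLEAN_MBR))
    print(compare_mbr(CLEAN_MBR, TAMPERED_MBR))
```

    On a real machine the two inputs to `compare_mbr` would be the MBR.dat aswMBR saved and a fresh 512-byte read of `\\.\PhysicalDrive0` taken after the "cured on reboot" step; a clean result has an unchanged partition table and disk signature, and a boot-code hash that matches the saved copy or a known-good Vista MBR.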
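    A triage pass over the service entries in the ComboFix log above, as an added example (my code, not ComboFix's): the `R2`/`S2` service lines and the `Services\<name>` registry block are parsed from constructed sample text copied from the log, and each entry is scored against a few heuristics: an image path under a temp directory, a `.tmp` image, a missing image file (ComboFix's `[x]`), and a service name that is exactly eight hex digits (a naming pattern seen in rootkit droppers; treated here as a heuristic, not proof). The `85a47440` key with imagepath `\??\c:\windows\TEMP\5D5E.tmp` trips three of the four rules; the McAfee SiteAdvisor line trips only the missing-file rule, which is what an analyst would expect from a broken AV install rather than malware, so the output is a list of reasons to review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "R2 name;display name;image path [yyyy-mm-dd size]"  or  "... [x]" when the file is missing
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# Registry form: a Services\<name> key followed by an "imagepath"="..." value
REG_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
REG_IMAGEPATH = re.compile(r'^"imagepath"\s*=\s*"(?P<path>[^"]*)"$', re.I)

TEMP_DIR = re.compile(r"\\temp\\", re.I)
HEX8_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)


@dataclass
class ServiceEntry:
    name: str
    path: str
    file_missing: bool


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Collect services from both the R*/S* list and the raw registry dump."""
    entries: List[ServiceEntry] = []
    pending_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            entries.append(ServiceEntry(m["name"].strip(), m["path"].strip(), m["meta"].strip() == "x"))
            continue
        m = REG_KEY.match(line)
        if m:
            pending_key = m["name"]
            continue
        m = REG_IMAGEPATH.match(line)
        if m and pending_key is not None:
            entries.append(ServiceEntry(pending_key, m["path"], False))
            pending_key = None
    return entries


def suspicious_reasons(entry: ServiceEntry) -> List[str]:
    """Heuristics only; each hit is a reason for a human to look, not a conviction."""
    reasons = []
    path = entry.path.lower()
    if TEMP_DIR.search(path):
        reasons.append("image path under a temp directory")
    if path.endswith(".tmp"):
        reasons.append("image is a .tmp file")
    if entry.file_missing:
        reasons.append("image file missing")
    if HEX8_NAME.match(entry.name):
        reasons.append("service name is eight hex digits")
    return reasons


def flag_services(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for entries that tripped at least one heuristic."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_combofix_services(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Constructed sample: lines copied from the ComboFix log above, in ComboFix's own layout.
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\85a47440]
"imagepath"="\??\c:\windows\TEMP\5D5E.tmp"
"""

if __name__ == "__main__":
    for name, reasons in flag_services(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

    The same rules apply to the OTL `SRV -` lines further down the thread (OTL writes `File not found` instead of `[x]`), so an analyst reading several logs from one machine can keep one set of heuristics and only swap the line parser.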
     
  12. 2012/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2012/01/01
    mmc5311

    mmc5311 Inactive Thread Starter

    Joined:
    2011/07/05
    Messages:
    39
    Likes Received:
    0
    My computer is doing great :) None of the issues I described in my original post have reoccurred thus far.


    OTL

    OTL logfile created on: 1/1/2012 8:55:52 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Megan\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.78% Memory free
    6.19 Gb Paging File | 4.89 Gb Available in Paging File | 79.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 131.86 Gb Total Space | 82.30 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 9.14 Gb Free Space | 62.38% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Megan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/01 20:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
    PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/10/18 17:00:02 | 000,308,392 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsShld.exe
    PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/03 10:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/12/21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/19 11:05:53 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
    MOD - [2011/11/19 11:05:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
    MOD - [2011/11/19 11:05:42 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
    MOD - [2011/11/19 11:05:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/11/19 11:05:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll
    MOD - [2011/11/18 22:40:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/11/18 22:40:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/11/18 22:39:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/11/18 22:38:31 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/11/18 22:37:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/07/14 18:47:28 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
    MOD - [2008/11/03 10:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2008/11/03 10:54:00 | 000,262,384 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
    MOD - [2008/11/03 10:54:00 | 000,132,336 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2008/11/03 10:54:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
    MOD - [2008/11/03 10:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
    MOD - [2008/11/03 10:54:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
    MOD - [2007/12/08 13:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
    SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2009/12/26 16:05:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/01/19 01:40:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/07/04 18:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2009/12/09 08:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
    DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/06/17 13:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
    DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/04/02 17:34:06 | 000,045,344 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CoachVid.sys -- (CoachVid)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2371395153-310035957-1365216801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
    IE - HKU\S-1-5-21-2371395153-310035957-1365216801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2371395153-310035957-1365216801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2371395153-310035957-1365216801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo "
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12 "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= "


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/01 20:43:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 22:45:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/08 22:46:27 | 000,000,000 | ---D | M]

    [2011/07/05 09:21:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Extensions
    [2009/05/23 18:05:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/12/19 11:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\f9sgyw1b.default\extensions
    [2011/11/17 23:08:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\f9sgyw1b.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/10/29 15:59:06 | 000,002,071 | ---- | M] () -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\f9sgyw1b.default\searchplugins\absearch-search.xml
    [2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\f9sgyw1b.default\searchplugins\askcom.xml
    [2011/12/18 22:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/18 22:40:13 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    [2011/12/18 22:40:13 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
    [2011/11/09 22:45:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/07/08 19:26:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 22:45:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Tumblr Savior = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.3.7_0\
    CHR - Extension: Gmail = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/01 12:44:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111223141502.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2371395153-310035957-1365216801-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2371395153-310035957-1365216801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6FFCE8-4AD7-4B1E-9B0B-FD5D1F417F07}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3649C0-74D0-4822-9508-5850A8667A9B}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Megan\Pictures\4a1cab38-303a-4969-99a1-fcf9c5578dfb_6.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Megan\Pictures\4a1cab38-303a-4969-99a1-fcf9c5578dfb_6.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2371395153-310035957-1365216801-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/01 20:54:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
    [2012/01/01 20:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/01/01 12:46:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/01 12:46:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/01 12:34:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/01 12:34:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/01 12:34:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/01 12:33:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/01 12:19:10 | 004,358,797 | R--- | C] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe
    [2012/01/01 08:45:06 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Megan\Desktop\tdsskiller.exe
    [2011/12/31 17:36:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Megan\Desktop\dds.scr
    [2011/12/31 17:32:44 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Megan\Desktop\aswMBR.exe
    [2011/12/31 00:34:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/12/31 00:14:47 | 000,000,000 | -H-D | C] -- C:\Users\Megan\AppData\Local\MicrosoftNT
    [2011/12/27 21:38:37 | 000,000,000 | ---D | C] -- C:\Users\Megan\Documents\The KMPlayer
    [2011/12/18 22:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2011/12/18 22:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
    [2011/12/18 22:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [1 C:\Users\Megan\AppData\Local\*.tmp files -> C:\Users\Megan\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/01 20:55:08 | 000,003,989 | ---- | M] () -- C:\Users\Megan\Documents\Document1.rtf
    [2012/01/01 20:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
    [2012/01/01 20:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/01 20:44:11 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2012/01/01 20:39:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/01 20:39:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/01 20:39:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/01 20:39:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/01 12:44:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/01 12:19:10 | 004,358,797 | R--- | M] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe
    [2012/01/01 12:14:07 | 000,000,512 | ---- | M] () -- C:\Users\Megan\Desktop\MBR.dat
    [2012/01/01 08:45:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Megan\Desktop\tdsskiller.exe
    [2012/01/01 08:39:40 | 000,005,972 | ---- | M] () -- C:\Users\Megan\AppData\Local\d3d9caps.dat
    [2011/12/31 22:52:14 | 000,000,653 | ---- | M] () -- C:\Users\Megan\Documents\Document.rtf
    [2011/12/31 17:36:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Megan\Desktop\dds.scr
    [2011/12/31 17:34:36 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Megan\Desktop\aswMBR.exe
    [2011/12/31 16:03:13 | 000,302,592 | ---- | M] () -- C:\Users\Megan\Desktop\5tblclcn.exe
    [2011/12/31 15:18:39 | 000,000,932 | ---- | M] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2011/12/31 13:57:05 | 269,691,286 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/12/31 13:55:41 | 000,000,000 | ---- | M] () -- C:\Users\Megan\Documents\bookmarks.html
    [2011/12/31 13:25:38 | 000,612,786 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/31 13:25:38 | 000,108,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/31 00:33:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/12/31 00:08:44 | 000,001,941 | ---- | M] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2011/12/31 00:08:43 | 000,001,799 | ---- | M] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    [2011/12/30 13:59:39 | 000,509,876 | ---- | M] () -- C:\Users\Megan\Documents\Untitled4.gif
    [2011/12/30 13:58:29 | 000,510,884 | ---- | M] () -- C:\Users\Megan\Documents\hello.gif
    [2011/12/29 14:25:11 | 000,462,609 | ---- | M] () -- C:\Users\Megan\Documents\N4.gif
    [2011/12/29 14:24:49 | 000,416,563 | ---- | M] () -- C:\Users\Megan\Documents\N3.gif
    [2011/12/29 14:24:31 | 000,443,353 | ---- | M] () -- C:\Users\Megan\Documents\N2.gif
    [2011/12/29 14:21:19 | 000,366,916 | ---- | M] () -- C:\Users\Megan\Documents\n1.gif
    [2011/12/29 00:15:54 | 000,510,229 | ---- | M] () -- C:\Users\Megan\Documents\hardon2.gif
    [2011/12/29 00:10:35 | 000,511,983 | ---- | M] () -- C:\Users\Megan\Documents\hardon1.gif
    [2011/12/29 00:09:53 | 000,507,480 | ---- | M] () -- C:\Users\Megan\Documents\hardon.gif
    [2011/12/28 02:32:04 | 008,500,760 | ---- | M] () -- C:\Users\Megan\Documents\Untitled1.psd
    [2011/12/28 02:13:47 | 000,418,648 | ---- | M] () -- C:\Users\Megan\Documents\F.gif
    [2011/12/28 02:12:19 | 000,399,072 | ---- | M] () -- C:\Users\Megan\Documents\G.gif
    [2011/12/28 02:11:26 | 000,415,428 | ---- | M] () -- C:\Users\Megan\Documents\E.gif
    [2011/12/28 02:10:58 | 000,273,350 | ---- | M] () -- C:\Users\Megan\Documents\D.gif
    [2011/12/28 02:10:37 | 000,499,908 | ---- | M] () -- C:\Users\Megan\Documents\C.gif
    [2011/12/28 01:30:06 | 000,420,984 | ---- | M] () -- C:\Users\Megan\Documents\7.gif
    [2011/12/28 01:28:23 | 000,292,515 | ---- | M] () -- C:\Users\Megan\Documents\2.gif
    [2011/12/28 01:27:24 | 000,508,883 | ---- | M] () -- C:\Users\Megan\Documents\1.gif
    [2011/12/28 01:19:12 | 000,368,623 | ---- | M] () -- C:\Users\Megan\Documents\8.gif
    [2011/12/28 00:32:44 | 000,507,707 | ---- | M] () -- C:\Users\Megan\Documents\monchele1.gif
    [2011/12/28 00:31:27 | 000,492,259 | ---- | M] () -- C:\Users\Megan\Documents\monchele.gif
    [2011/12/25 20:33:25 | 000,508,958 | ---- | M] () -- C:\Users\Megan\Documents\b.gif
    [2011/12/25 20:29:49 | 000,505,617 | ---- | M] () -- C:\Users\Megan\Documents\a.gif
    [2011/12/25 19:29:38 | 000,510,656 | ---- | M] () -- C:\Users\Megan\Documents\fuinn4.gif
    [2011/12/25 19:29:09 | 000,504,318 | ---- | M] () -- C:\Users\Megan\Documents\fuinn3.gif
    [2011/12/25 19:28:40 | 000,510,997 | ---- | M] () -- C:\Users\Megan\Documents\fuinn2.gif
    [2011/12/25 19:28:11 | 000,510,021 | ---- | M] () -- C:\Users\Megan\Documents\fuinn1.gif
    [2011/12/24 22:46:49 | 000,054,784 | ---- | M] () -- C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/16 21:11:23 | 000,000,000 | ---- | M] () -- C:\Users\Megan\AppData\Local\{C96E67B4-878E-464C-9D87-946BC53CFFD3}
    [2011/12/16 10:23:19 | 001,618,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/12 20:46:43 | 000,498,850 | ---- | M] () -- C:\Users\Megan\Documents\biggif.gif
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/07 22:38:43 | 000,000,232 | ---- | M] () -- C:\Users\Megan\Documents\dimensions.rtf
    [1 C:\Users\Megan\AppData\Local\*.tmp files -> C:\Users\Megan\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/01 20:55:08 | 000,003,989 | ---- | C] () -- C:\Users\Megan\Documents\Document1.rtf
    [2012/01/01 12:34:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/01 12:34:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/01 12:34:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/01 12:34:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/01 12:34:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/31 22:52:14 | 000,000,653 | ---- | C] () -- C:\Users\Megan\Documents\Document.rtf
    [2011/12/31 17:35:48 | 000,000,512 | ---- | C] () -- C:\Users\Megan\Desktop\MBR.dat
    [2011/12/31 16:03:12 | 000,302,592 | ---- | C] () -- C:\Users\Megan\Desktop\5tblclcn.exe
    [2011/12/31 15:18:39 | 000,000,932 | ---- | C] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2011/12/31 13:55:41 | 000,000,000 | ---- | C] () -- C:\Users\Megan\Documents\bookmarks.html
    [2011/12/31 00:34:31 | 269,691,286 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/12/30 13:59:39 | 000,509,876 | ---- | C] () -- C:\Users\Megan\Documents\Untitled4.gif
    [2011/12/30 13:58:28 | 000,510,884 | ---- | C] () -- C:\Users\Megan\Documents\hello.gif
    [2011/12/29 14:25:09 | 000,462,609 | ---- | C] () -- C:\Users\Megan\Documents\N4.gif
    [2011/12/29 14:24:48 | 000,416,563 | ---- | C] () -- C:\Users\Megan\Documents\N3.gif
    [2011/12/29 14:24:30 | 000,443,353 | ---- | C] () -- C:\Users\Megan\Documents\N2.gif
    [2011/12/29 14:21:18 | 000,366,916 | ---- | C] () -- C:\Users\Megan\Documents\n1.gif
    [2011/12/29 00:15:53 | 000,510,229 | ---- | C] () -- C:\Users\Megan\Documents\hardon2.gif
    [2011/12/29 00:10:34 | 000,511,983 | ---- | C] () -- C:\Users\Megan\Documents\hardon1.gif
    [2011/12/29 00:09:52 | 000,507,480 | ---- | C] () -- C:\Users\Megan\Documents\hardon.gif
    [2011/12/28 02:32:01 | 008,500,760 | ---- | C] () -- C:\Users\Megan\Documents\Untitled1.psd
    [2011/12/28 02:13:47 | 000,418,648 | ---- | C] () -- C:\Users\Megan\Documents\F.gif
    [2011/12/28 02:12:18 | 000,399,072 | ---- | C] () -- C:\Users\Megan\Documents\G.gif
    [2011/12/28 02:11:25 | 000,415,428 | ---- | C] () -- C:\Users\Megan\Documents\E.gif
    [2011/12/28 02:10:57 | 000,273,350 | ---- | C] () -- C:\Users\Megan\Documents\D.gif
    [2011/12/28 02:10:36 | 000,499,908 | ---- | C] () -- C:\Users\Megan\Documents\C.gif
    [2011/12/28 01:30:03 | 000,420,984 | ---- | C] () -- C:\Users\Megan\Documents\7.gif
    [2011/12/28 01:28:20 | 000,292,515 | ---- | C] () -- C:\Users\Megan\Documents\2.gif
    [2011/12/28 01:27:22 | 000,508,883 | ---- | C] () -- C:\Users\Megan\Documents\1.gif
    [2011/12/28 01:19:11 | 000,368,623 | ---- | C] () -- C:\Users\Megan\Documents\8.gif
    [2011/12/28 00:32:43 | 000,507,707 | ---- | C] () -- C:\Users\Megan\Documents\monchele1.gif
    [2011/12/28 00:31:25 | 000,492,259 | ---- | C] () -- C:\Users\Megan\Documents\monchele.gif
    [2011/12/25 20:33:24 | 000,508,958 | ---- | C] () -- C:\Users\Megan\Documents\b.gif
    [2011/12/25 20:29:47 | 000,505,617 | ---- | C] () -- C:\Users\Megan\Documents\a.gif
    [2011/12/25 19:29:38 | 000,510,656 | ---- | C] () -- C:\Users\Megan\Documents\fuinn4.gif
    [2011/12/25 19:29:08 | 000,504,318 | ---- | C] () -- C:\Users\Megan\Documents\fuinn3.gif
    [2011/12/25 19:28:39 | 000,510,997 | ---- | C] () -- C:\Users\Megan\Documents\fuinn2.gif
    [2011/12/25 19:28:10 | 000,510,021 | ---- | C] () -- C:\Users\Megan\Documents\fuinn1.gif
    [2011/12/23 22:24:22 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/12/16 21:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Megan\AppData\Local\{C96E67B4-878E-464C-9D87-946BC53CFFD3}
    [2011/12/12 20:46:41 | 000,498,850 | ---- | C] () -- C:\Users\Megan\Documents\biggif.gif
    [2011/12/07 22:38:43 | 000,000,232 | ---- | C] () -- C:\Users\Megan\Documents\dimensions.rtf
    [2011/06/03 16:15:59 | 000,054,784 | ---- | C] () -- C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/18 12:00:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/01/22 17:04:16 | 000,000,589 | ---- | C] () -- C:\Windows\m3jpeg.ini
    [2010/01/15 17:05:42 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
    [2010/01/15 17:05:42 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
    [2010/01/15 17:05:42 | 000,017,920 | ---- | C] () -- C:\Windows\System32\videocore.dll
    [2010/01/15 17:05:41 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
    [2010/01/15 17:05:41 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
    [2010/01/15 17:05:39 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll
    [2009/11/25 20:57:38 | 000,000,947 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\DataSafeDotNet.exe
    [2009/09/10 22:32:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/10 22:32:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/02/11 21:23:57 | 000,005,972 | ---- | C] () -- C:\Users\Megan\AppData\Local\d3d9caps.dat
    [2009/01/30 14:57:36 | 000,008,248 | ---- | C] () -- C:\Users\Megan\AppData\Local\en.ini
    [2009/01/19 02:57:04 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2009/01/19 02:57:04 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2009/01/19 02:57:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2009/01/19 02:57:04 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2009/01/19 02:57:04 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/01/19 02:57:01 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2009/01/19 02:53:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/01/19 01:22:49 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2009/01/19 01:22:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:44:53 | 001,618,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:33:01 | 000,612,786 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,108,058 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
    [2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
    [2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll

    ========== LOP Check ==========

    [2011/07/05 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Ahoriw
    [2011/02/26 23:42:44 | 000,000,000 | -H-D | M] -- C:\Users\Megan\AppData\Roaming\AnvSoft
    [2011/10/29 15:58:40 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Astroburn Lite
    [2011/07/03 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Audacity
    [2011/05/11 10:05:38 | 000,000,000 | -H-D | M] -- C:\Users\Megan\AppData\Roaming\Barnes & Noble
    [2011/09/01 17:42:44 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\eTeks
    [2011/07/09 09:22:50 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\FreeBurner
    [2011/07/05 10:59:06 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\FrostWire
    [2011/07/03 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\gtk-2.0
    [2011/11/18 09:32:51 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Juniper Networks
    [2009/04/12 14:51:29 | 000,000,000 | -H-D | M] -- C:\Users\Megan\AppData\Roaming\Publish Providers
    [2011/10/05 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Sony
    [2011/07/05 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Urdo
    [2009/01/30 15:57:31 | 000,000,000 | -H-D | M] -- C:\Users\Megan\AppData\Roaming\WildTangent
    [2011/03/15 20:18:12 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\www.shadowexplorer.com
    [2012/01/01 13:13:07 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/01/01 12:46:34 | 000,013,017 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/01/19 02:57:16 | 000,003,821 | RH-- | M] () -- C:\dell.sdr
    [2009/04/27 16:46:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/04/27 16:46:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/01/30 14:50:13 | 000,000,795 | ---- | M] () -- C:\net_save.dna
    [2011/07/21 21:49:14 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2011/07/21 21:49:14 | 000,022,729 | ---- | M] () -- C:\newkey
    [2012/01/01 20:39:40 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
    [2009/01/19 01:48:50 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2009/11/14 16:13:27 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/06/21 11:55:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/10/21 15:29:40 | 000,320,512 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp101.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/03 21:58:55 | 000,000,574 | -HS- | M] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/31 16:03:13 | 000,302,592 | ---- | M] () -- C:\Users\Megan\Desktop\5tblclcn.exe
    [2011/12/31 17:34:36 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Megan\Desktop\aswMBR.exe
    [2012/01/01 12:19:10 | 004,358,797 | R--- | M] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe
    [2011/11/23 19:48:18 | 004,188,120 | ---- | M] (McAfee, Inc.) -- C:\Users\Megan\Desktop\McAfeeSetup.exe
    [2012/01/01 20:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
    [2012/01/01 08:45:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Megan\Desktop\tdsskiller.exe

    (cont'd...)
     
  14. 2012/01/01
    mmc5311

    mmc5311 Inactive Thread Starter

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/11/14 16:12:59 | 000,000,402 | -HS- | M] () -- C:\Users\Megan\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/16 18:08:12 | 000,007,208 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >


    Extras

    OTL Extras logfile created on: 1/1/2012 8:55:52 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Megan\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.78% Memory free
    6.19 Gb Paging File | 4.89 Gb Available in Paging File | 79.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 131.86 Gb Total Space | 82.30 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 9.14 Gb Free Space | 62.38% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Megan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2371395153-310035957-1365216801-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{039F1264-D76E-429C-BB61-DED044963D57}" = rport=139 | protocol=6 | dir=out | app=system |
    "{095A4E29-FA64-4199-B1E2-67C13D996052}" = lport=137 | protocol=17 | dir=in | app=system |
    "{10E28152-2316-40A0-AFC3-1C3A9D3E947A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{11098A5D-A3FD-4DE6-BC69-9AC02202C3BD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1550873A-D780-4021-99BF-2B2F6E97F7CB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{19617EC4-AEE7-4EEC-9AC2-57B410BCF006}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{333C0693-A80A-46F1-897F-ECBD07163A8F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{37536EAD-574A-4CEA-B45C-3C4E9B0EAC5A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{46FAAB60-00FD-4718-A41D-A30AE18A1FE6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{47314036-0C42-42CD-A42E-11AD0B682AC3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{70C0F496-1AD6-42F2-B88D-AAE846CA3DFE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7B2FF8DD-0FB9-4ADB-8072-BA78784E5129}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{9AB44B8D-855A-4456-907B-0A925CE9F47D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BE38ECA0-A5DA-465D-87C0-3617FF577DF9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C33463BD-030F-4D8E-8DE9-0F531537A377}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D33A7A2D-9ABB-4AA2-9103-0EF426D9DC4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D48D5330-B36C-4FD9-8B1B-7F1B6EA7F6D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D6351848-80C3-47BC-BFE7-A1969A794234}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DF74A9D1-C57C-40DD-A78D-B495D6A583E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F996DFDC-195B-448D-BE13-4A9EF07F0C65}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FD2CADC0-B579-44DA-87EF-1105952678AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01BA7FE9-F194-429E-8DFA-2AB0128CCBFB}" = dir=in | app=e:\setup\hpznui01.exe |
    "{0296ABBE-9EC9-45D5-AC57-307267C742B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{03FEF16D-3DDC-4766-897F-721A91E384AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{04B0BD31-9E19-4FB5-9B96-D4279A2D089A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{106A69BE-7A85-4A8C-92E6-38724442C7E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{156BB9D4-38F9-424C-96E7-F5BB4F07A662}" = protocol=6 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
    "{1FC90032-340C-41BD-8E72-5FE948E47589}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{21180B93-CB92-4596-AB04-B3A44DFF5EAA}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{21B48E3C-B6BC-49EA-9F13-556AE0E9ECC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{23C43270-DF8C-4326-AD74-54931D571C4A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{26D48ED1-1E3A-4255-A5F2-79744DAFE506}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
    "{3745314A-F2B3-403B-B004-1AEA9D42E9F9}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{3BA938A0-3D35-4D5B-909A-A8D89C3856D7}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{43492A09-2DD2-4563-A3A5-048F4D36A2E3}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{4B6F86E2-D568-46F2-8C2C-710D1D07E798}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{51F44487-1AED-446B-B99B-EC4373CFADE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{56FE42C3-A68F-41DE-ABEC-8B3F245E510D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{5C502FF3-DF70-4762-ABBE-CE9979E53EC1}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{5F501E08-E721-4C1C-A7D1-F71D10C27C03}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{74C9BD01-C886-4029-BDBE-895CFF8CCB73}" = protocol=17 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
    "{79C717CE-8FCA-48E4-B707-FA6C81E1BC0F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{7DB2ACE3-B440-4F85-8FD2-2935C4EB9853}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{7DB31D5E-FCAF-459F-B878-15B5E0796700}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{80CA6437-00A8-442B-AEB6-15435761BAD8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{8141B2E6-09C1-439C-B8CE-459C7876407F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{85F2D962-692F-4508-8C24-33AED67613E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{86A611C7-58B2-4DDC-ACC6-173C7549C79D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{962A2CD6-1EBA-42B4-9825-FBF787581207}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{96B13043-0816-417F-BDDC-8B5F603333B4}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{ABF8D60F-8EB5-4DB1-AD0C-58ABFDC9581A}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{ABFD792C-5CC3-47B5-BDD7-15189B8F526C}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
    "{AD577E08-DFAD-4212-B695-CA58CA0E1EDC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{C43D9A57-6DFB-4378-8A6A-F6C49B556777}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{CB43CDFA-596A-452F-A02B-21BC46C6BDAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{D4702B80-6BC2-4DFD-BE1F-2387463B9A36}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{D527AB5C-A346-4C89-A9A0-4CEE69C03570}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D965EB26-3A9E-44C5-8ABB-C1E70108BAF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E109B7D9-65A2-4A66-A4A5-4D1115149773}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{E3486711-8BA6-4A58-86C2-2D9CF87FE71C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{E4052C4F-9B1F-493B-A9A8-888CBF502B7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E9EE9941-D998-4643-88B8-132530696C55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{ED7852CC-562A-4B46-98AA-5990D2982A8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F1EB1086-618B-4ED5-8670-2D9F26D7DD0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C516E56-0B4B-4BDE-88A2-035B4D170A26}" = DXG-572V
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.AccessR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.AccessR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
    "{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Setup" = DivX Setup
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photo Creations" = HP Photo Creations
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "MSC" = McAfee SecurityCenter
    "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
    "NOOKstudy" = NOOKstudy
    "Office14.AccessR" = Microsoft Access 2010
    "The KMPlayer" = The KMPlayer (remove only)
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2371395153-310035957-1365216801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/1/2012 2:01:42 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXEV.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 2:01:42 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXEV.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 9:40:03 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Office\Office14\BCSSync.exe ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 9:40:14 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 9:40:17 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 9:40:21 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/1/2012 9:43:12 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 9:44:58 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, time stamp 0x4d9f6935,
    faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
    code 0xc0000005, fault offset 0x00015703, process id 0xe74, application start time
    0x01ccc8ef7285844c.

    Error - 1/1/2012 9:52:56 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/1/2012 9:52:59 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL ". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture= "x86 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.30729.1 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Broadcom Wireless LAN Events ]
    Error - 6/16/2011 10:41:17 PM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 22:41:17, Thu, Jun 16, 11 Error - User " " does not have administrative
    privileges on this system

    Error - 6/18/2011 11:16:31 PM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 23:16:31, Sat, Jun 18, 11 Error - User " " does not have administrative
    privileges on this system

    Error - 6/19/2011 8:34:04 AM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 08:34:04, Sun, Jun 19, 11 Error - User " " does not have administrative
    privileges on this system

    Error - 6/20/2011 12:09:29 AM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 00:09:29, Mon, Jun 20, 11 Error - User " " does not have administrative
    privileges on this system

    Error - 6/24/2011 10:54:42 AM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 10:54:41, Fri, Jun 24, 11 Error - Unable to gain access to user store


    Error - 6/24/2011 11:05:42 AM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 11:05:42, Fri, Jun 24, 11 Error - User " " does not have administrative
    privileges on this system

    Error - 7/5/2011 11:19:13 PM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 23:19:13, Tue, Jul 05, 11 Error - User " " does not have administrative
    privileges on this system

    Error - 9/13/2011 9:34:44 PM | Computer Name = Home-PC | Source = WLAN-Tray | ID = 0
    Description = 21:34:40, Tue, Sep 13, 11 Error - Unable to gain access to user store


    [ System Events ]
    Error - 1/1/2012 1:39:01 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/1/2012 1:44:11 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/1/2012 9:40:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  15. 2012/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
      PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
      SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      [2011/12/18 22:40:13 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      :Files
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      C:\Program Files\Common Files\Spigot
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  16. 2012/01/02
    mmc5311

    mmc5311 Inactive Thread Starter

    Joined:
    2011/07/05
    Messages:
    39
    Likes Received:
    0
    OTL

    All processes killed
    ========== OTL ==========
    Process ApplicationUpdater.exe killed successfully!
    No active process named SearchSettings.exe was found!
    Service Application Updater stopped successfully!
    Service Application Updater deleted successfully!
    C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
    C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
    C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
    C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk moved successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
    ========== FILES ==========
    File\Folder C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
    C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
    C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
    C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
    C:\Program Files\Common Files\Spigot folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Megan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2704630 bytes
    ->Java cache emptied: 13764687 bytes
    ->FireFox cache emptied: 1127003589 bytes
    ->Google Chrome cache emptied: 377244628 bytes
    ->Flash cache emptied: 8489 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 3710 bytes

    Total Files Cleaned = 1,450.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Megan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01012012_235956

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Security Check

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 30
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
    Adobe Reader X (10.1.0) Adobe Reader Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````


    ESETScan

    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01012012_235956\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
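
    Added example, not part of the thread and not code from OTL or Security Check: a small Python script that parses lines in the layout of the OTL "HKEY_LOCAL_MACHINE Uninstall List" posted above and does two of the triage checks the helper performs by eye. It lists every Java(TM) entry older than the newest one (the side-by-side install that Security Check reports as "Out of date Java installed!" and that the JavaRa step is meant to remove), and it collects display names containing a review keyword such as "toolbar" so a human can look at them; that second list is a to-review list, not a verdict. The sample lines are constructed from entries quoted in this thread; the function names are my own.

```python
import re

# Constructed sample in the layout of the OTL "HKEY_LOCAL_MACHINE Uninstall List"
# section quoted in this thread (entries copied from that list; not a live registry read).
SAMPLE_UNINSTALL_LIST = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
'''

# One OTL uninstall entry: "<registry key name>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Display name of a Sun/Oracle JRE as it appears in the uninstall list.
JAVA_RE = re.compile(r'^Java\(TM\)\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)$')


def parse_uninstall_list(text):
    """Return (registry key name, display name) pairs; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group('key'), m.group('name')))
    return entries


def find_java_installs(entries):
    """Return (major, update, display name) for each JRE entry, oldest first."""
    found = []
    for _key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append((int(m.group('major')), int(m.group('update')), name))
    return sorted(found)


def stale_java_versions(entries):
    """Every JRE entry except the newest is a stale side-by-side install to uninstall."""
    installs = find_java_installs(entries)
    if len(installs) < 2:
        return []
    return [name for _major, _update, name in installs[:-1]]


def entries_for_review(entries, keywords=('toolbar',)):
    """Display names containing a review keyword (case-insensitive). A triage list, not a verdict."""
    lowered = [k.lower() for k in keywords]
    return [name for _key, name in entries
            if any(k in name.lower() for k in lowered)]


if __name__ == '__main__':
    parsed = parse_uninstall_list(SAMPLE_UNINSTALL_LIST)
    print('entries parsed:', len(parsed))
    print('stale Java installs:', stale_java_versions(parsed))
    print('entries to review:', entries_for_review(parsed))
```

    Paste a real OTL uninstall list into SAMPLE_UNINSTALL_LIST (or read it from the saved OTL.Txt) to run the same checks against your own log.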
     
  17. 2012/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Java(TM) 6 Update 7 .

    Update Internet Explorer to version 9.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. 2012/01/02
    mmc5311

    mmc5311 Inactive Thread Starter

    Joined:
    2011/07/05
    Messages:
    39
    Likes Received:
    0
    I cannot find Java(TM) 6 Update 7 to uninstall it. In Control Panel > Programs, the only things listed with the name Java are:
    • Java(TM) 6 Update 30
    • Java Auto Updater
    Should I be looking elsewhere?

    Otherwise, my computer is still running great. It's faster and I've experienced no problems since we started the cleaning process :)

    OTL

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Megan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 390220 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 708255883 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1921 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 142358 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 676.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Megan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 01022012_231038

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
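    Added example (not part of this thread, and not code from OTL): a parser for the [EMPTYTEMP] section of an OTL log like the one posted above. It attributes each "->" line to the user block it sits in, treats lines without the "->" prefix as system-wide, finds the largest single item, and checks the summed byte counts against the "Total Files Cleaned" line. On this log the line items sum to 675.96 MB while OTL reports 676.00 mb, so the check accepts a difference of under one megabyte as consistent. The sample input is a subset of the posted log with its byte counts unchanged; the "System" label for the non-user lines is my own.

```python
import re

# Sample input: a subset of the [EMPTYTEMP] block posted above (byte counts unchanged).
SAMPLE_OTL = """\
[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Megan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 390220 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 708255883 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1921 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 142358 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 676.00 mb
"""

USER_RE = re.compile(r"^User: (?P<user>.+)$")
ITEM_RE = re.compile(r"^(?P<item>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
MIB = 1024 * 1024


def parse_emptytemp(text):
    """Return (bytes per user, bytes per (user, item), reported total in MB or None)."""
    per_user, per_item = {}, {}
    user = "System"          # label (mine) for lines that are not inside a "User:" block
    reported = None
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            user = m["user"]
            continue
        m = ITEM_RE.match(line)
        if m:
            # "->" lines belong to the current user block; other lines are system-wide
            owner = user if line.startswith("->") else "System"
            item = m["item"][2:] if m["item"].startswith("->") else m["item"]
            n = int(m["bytes"])
            per_user[owner] = per_user.get(owner, 0) + n
            per_item[(owner, item)] = n
            continue
        m = TOTAL_RE.match(line)
        if m:
            reported = float(m["mb"])
    return per_user, per_item, reported


def check_total(text):
    """Sum the line items and compare them with the total OTL printed."""
    per_user, per_item, reported = parse_emptytemp(text)
    total_bytes = sum(per_user.values())
    (owner, item), size = max(per_item.items(), key=lambda kv: kv[1])
    return {
        "total_bytes": total_bytes,
        "computed_mb": round(total_bytes / MIB, 2),
        "reported_mb": reported,
        # OTL's printed total is coarser than the line items; allow < 1 MB of slack
        "consistent": reported is not None and abs(reported - total_bytes / MIB) < 1.0,
        "largest": {"user": owner, "item": item, "bytes": size},
        "per_user": per_user,
    }


if __name__ == "__main__":
    for key, value in check_total(SAMPLE_OTL).items():
        print(f"{key}: {value}")
```

A mismatch of more than a megabyte would mean the pasted log is incomplete (lines trimmed or a block missing), which is worth asking about before relying on it.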
  19. 2012/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)
     
  20. 2012/01/02
    mmc5311

    mmc5311 Inactive Thread Starter

    Joined:
    2011/07/05
    Messages:
    39
    Likes Received:
    0
    Thank you for your help :)
     
  21. 2012/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome
     
