BleepingComputer.com: Is my computer safe to use now? How can I double check /Second opinion needed THANKS

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

Is my computer safe to use now? How can I double check /Second opinion needed THANKS

#1 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 19 January 2012 - 12:55 PM

Hello,


First of all thank you for taking your time to read this post. I learned about your site through www.selectrealsecurity.com (Malware Removal Guide for Windows). I had a virus (Fake system check) and it hide everything from my desktop. It almost took control of my computer until I found http://www.selectrealsecurity.com/malware-removal-guide. I followed their directions step-by-step and it successfully removed the virus. I'm just scared to go online and enter passwords. I use my computer for work related purposes. Selectrealsecurity recommended to go to an expert site to post a topic and get a second opinion to make certain that the virus is gone. For peace of mind. Right now I have Avast!, Malwarebytes, Secunia System Score and Windows Firewall installed and updated. Is this enough and how can I make sure that it is now safe to work from my computer? Any feedback will be greatly appreciated. Thank you once again :thumbup2:

Ejhdez

#2 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 21 January 2012 - 11:11 PM

Greetings ejhdez and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum

I am Oh My! and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.


===================================================


Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.
  • Use the 'Add Reply' and add the new log to this thread.

I need to see some information about what is happening in your machine. Please perform the following:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.


  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

I also need a log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Create a GMER log and copy/paste it in your reply. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Things I would like to see in your reply:

  • DDS log
  • Attach.txt
  • GMER log


Regards,
Oh My!
Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 22 January 2012 - 07:25 PM

Hello Oh My!,


First of all thank you, for replying to my post. I have a Windows XP and it runs on a 32 bit system. Really appreciate the second opinion and your time. Below is my DDs.txt and my attach.txt log. Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by JODY at 18:58:57 on 2012-01-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2392 [GMT -5:00]
.
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Updater For Quixbar: {e7908ac1-7e73-4b25-b31d-e33fbbb9294b} - c:\program files\quixbar\auxi\gametheorytemplaAu.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
mPolicies-explorer: DisallowRun = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F9DA7339-D5E9-4B42-A117-1E4AC5048E91} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jody\application data\mozilla\firefox\profiles\bc0paryd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI3TDF&PC=VI3TDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=gametheory&id=quixbar&v=1_0&gen=ms&ent=tb&mkt=us&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\jody\application data\mozilla\firefox\profiles\bc0paryd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\jody\application data\mozilla\firefox\profiles\bc0paryd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\jody\application data\mozilla\firefox\profiles\bc0paryd.default\extensions\{5c7499f7-c75c-4729-ba10-57de09f18f8b}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jody\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\jody\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-1-17 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-1-17 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-1-17 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-17 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-17 314456]
R1 SASDIFSV;SASDIFSV;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-12 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-17 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-17 44768]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2003-12-25 8440]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-16 652872]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2003-12-25 11237]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-16 20464]
S1 MpKsl08ae36e6;MpKsl08ae36e6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3c8e19ed-215a-4353-8510-32fdf5f81c24}\mpksl08ae36e6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3c8e19ed-215a-4353-8510-32fdf5f81c24}\MpKsl08ae36e6.sys [?]
S1 MpKsl09b04c14;MpKsl09b04c14;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8c12d6c-c980-4917-8e0b-a0b791cf599c}\mpksl09b04c14.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8c12d6c-c980-4917-8e0b-a0b791cf599c}\MpKsl09b04c14.sys [?]
S1 MpKsl0cc487c7;MpKsl0cc487c7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8c12d6c-c980-4917-8e0b-a0b791cf599c}\mpksl0cc487c7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8c12d6c-c980-4917-8e0b-a0b791cf599c}\MpKsl0cc487c7.sys [?]
S1 MpKsl2b3e91c3;MpKsl2b3e91c3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2597e18d-6ff1-4060-af98-16bf34c23d52}\mpksl2b3e91c3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2597e18d-6ff1-4060-af98-16bf34c23d52}\MpKsl2b3e91c3.sys [?]
S1 MpKsl50c81981;MpKsl50c81981;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c090f928-18ed-4b1e-ba76-1fa4c4fdf5df}\mpksl50c81981.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c090f928-18ed-4b1e-ba76-1fa4c4fdf5df}\MpKsl50c81981.sys [?]
S1 MpKsl77104c11;MpKsl77104c11;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2597e18d-6ff1-4060-af98-16bf34c23d52}\mpksl77104c11.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2597e18d-6ff1-4060-af98-16bf34c23d52}\MpKsl77104c11.sys [?]
S1 MpKslc93155ca;MpKslc93155ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{380b374a-aab3-42b5-855f-483997a948c8}\mpkslc93155ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{380b374a-aab3-42b5-855f-483997a948c8}\MpKslc93155ca.sys [?]
S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-1-17 127192]
S2 gupdate1ca5fce8de834ec;Google Update Service (gupdate1ca5fce8de834ec);c:\program files\google\update\GoogleUpdate.exe [2009-11-7 133104]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-8-20 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-7 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-1-16 23624]
S3 NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver;c:\windows\system32\drivers\G311N6.sys [2010-6-22 70144]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
2012-01-22 23:57:14 -------- d--h--w- c:\windows\PIF
2012-01-19 01:40:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-19 01:25:17 -------- d-----w- c:\documents and settings\jody\local settings\application data\Secunia PSI
2012-01-19 01:24:54 -------- d-----w- c:\program files\Secunia
2012-01-18 00:50:05 -------- d-----w- c:\windows\system32\CatRoot2
2012-01-17 14:25:23 -------- d-----w- c:\program files\Tangosoft
2012-01-17 14:14:54 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-01-17 12:55:30 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-01-17 12:07:34 -------- d-----w- c:\program files\Tweaking.com
2012-01-17 10:40:39 -------- d-----w- c:\program files\CleanUp!
2012-01-17 06:49:20 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-01-17 06:48:55 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-01-17 06:48:54 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-17 06:48:28 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-01-17 06:48:27 41184 ----a-w- c:\windows\avastSS.scr
2012-01-17 06:48:00 -------- d-----w- c:\program files\AVAST Software
2012-01-17 06:48:00 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-17 03:23:55 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-17 02:22:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 00:59:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-17 00:50:31 -------- d-----w- c:\program files\HitmanPro
2012-01-17 00:49:29 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-01-16 23:59:28 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-04 23:42:57 -------- d-----w- c:\documents and settings\jody\application data\TP
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-02 02:04:29 -------- d-----w- c:\documents and settings\jody\application data\Ylg
2012-01-02 02:04:29 -------- d-----w- c:\documents and settings\jody\application data\Giy
.
==================== Find3M ====================
.
2012-01-19 01:39:51 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-01-19 01:36:28 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-16 23:33:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-07 17:29:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-07 17:29:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 19:29:56 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ------w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2004-04-07 13:49:30 572729 -c--a-w- c:\program files\Setup.exe
.
============= FINISH: 19:00:54.53 ===============

Attached File(s)


#4 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 22 January 2012 - 07:44 PM

Greetings ejhdez ,

It is my pleasure to help you.

Did you attempt to run GMER? If you did and you had difficulties please let me know what happened. If you did not, kindly try to run it and copy/paste the information in a reply. It is important information to review in order to alleviate your concerns. Additional information about running GMER may be found here.

Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon :)

Oh My!
Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 23 January 2012 - 06:16 AM

Hello Oh My!,


I ran GMER and I started the scan around 7pm on Sunday and the scan was still running at 12am. I let it keep running while I went to bed. Please let me know if it is suppose to take this long or if I have to run it again. Below is the log that you requested. Thank you for your time and have a great day! :thumbup2:

Thank You,

Ejhdez


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 05:34:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD800JD-75MSA3 rev.10.01E04
Running: gmer.exe; Driver: C:\DOCUME~1\JODY\LOCALS~1\Temp\axrdapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7B00FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7B65510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA7B246A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA7B03456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA7B034AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA7B035C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7B2405D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA7B033AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA7B034FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA7B03400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA7B03572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7B00FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7B24D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA7B25025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA7B03848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7B24BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7B24A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7B655C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7B00DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7B0100C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA7B039BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7B01AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA7B03486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA7B034D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA7B035EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA7B243B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA7B033D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA7B03680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA7B0353E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA7B0342E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA7B03764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA7B0359C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7B65658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA7B248C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA7B0196A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA7B24712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA7B6D9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA7B236D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7B01030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7B01054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7B00E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7B00F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA7B24E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7B00F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7B00F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7B01078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7B797A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 16A 804E49C4 4 Bytes CALL 84F5F9D8
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A7B7815C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL A7B0200F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP A7B797A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP A7B7669C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB7FF7F80]
.text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP A7B03B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP A7B03AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP A7B03DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP A7B03FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP A7B03ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP A7B03F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP A7B03C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP A7B03CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP A7B03D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP A7B03D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP A7B039F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP A7B03B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP A7B03C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP A7B040D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\JODY\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[648] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00EA0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00EA0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00EA0600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00EA01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00EA03FC
.text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\QuickTime\qttask.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\QuickTime\qttask.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\QuickTime\qttask.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\QuickTime\qttask.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\QuickTime\qttask.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\QuickTime\qttask.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\QuickTime\qttask.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\QuickTime\qttask.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\ctfmon.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\smss.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\NETGEAR GA311 Adapter\GA311.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\csrss.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1332] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2164] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2164] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2164] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2164] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\dlcccoms.exe[2288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dlcccoms.exe[2288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\dlcccoms.exe[2288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\dlcccoms.exe[2288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\dlcccoms.exe[2288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\dlcccoms.exe[2288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\dlcccoms.exe[2288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006E1014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006E0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006E0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006E0C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006E0E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006E01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006E03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006E0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006F0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006F0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006F01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006F03FC
.text C:\WINDOWS\System32\alg.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\DOCUME~1\JODY\LOCALS~1\Temp\Rar$EX05.796\gmer.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\DOCUME~1\JODY\LOCALS~1\Temp\Rar$EX05.796\gmer.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\sua.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Secunia\PSI\sua.exe[3624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[4048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\PROGRA~1\Bandoo\Bandoo.exe[4084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r11 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2141863631 0 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740 0 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\keywords 313 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\L 0 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\L\bkkcanpd 456320 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U 0 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB38969$\2414155740\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----

#6 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 23 January 2012 - 03:37 PM

Greetings ejhdez,


It is not uncommon for GMER to take some time to run. The important thing is that we receive a completed log and that is what it gave us. :thumbsup:

There are remnants of a ZeroAccess infection still left on your computer. It appears it has been addressed by your previous efforts but there are some things we need to clean up, along with a few other items. Because of the nature of a ZeroAccess infection, I must advise you of the following:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avast or Microsoft Security Essentials.


===================================================


COMBOFIX

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.

Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.


===================================================


Posting Prior TDSSKiller Log

--------------------

If you ran TDSSKiller, as is one of the steps in Select Real Security, I would like to review that log.

  • A log file named TDSSKiller_version_date_time_log.txt was created and saved to the root directory (usually Local Disk C:).
  • Please copy and paste the contents of that file in your next reply.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • TDSSKiller log
  • Are you experiencing any symptoms now (this is important) or does your computer seem to be running fine?

Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 23 January 2012 - 08:20 PM

Hello Oh My!,

I would like to know if it would be ok to do the clean up and then guide me on how to reformat and reinstall the OS. It's an XP computer with a 32 bit system. I check my bank acct. balances on this computer and my e-mail accounts and purchase things online. I want what is best to feel secure again, if I have to reformat to make my computer safe I have know problem with that. I just don't now to back up some things. I know how to burn my music and photos to a cd but I don't know how to back up the other programs. Also I'm not sure If I still have my XP cd that came with the computer. I will try to look for it. Is there another way to obtain the Xp OS CD? Oh My! will reformatting the computer get rid of this backdoor trojan from the root for good? Thank you for your prompt replies and for taking you time to explain things well. :thumbsup:

Thank you,

Ejhdez

#8 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 24 January 2012 - 09:29 AM

Greetings Ejhdez,

Although cleaning your system minimizes the chances of your information being compromized in the future, the only certain way to eliminate the possibility would be to reformat your hard drive and reinstall your operating system. You would need to find your copy of the operating system or purchase a legitimate copy of Windows. We can certainly help you clean up the malware on your machine before you back up your data.

Here is a web site that can give you a good start on how to back up your computer data. Once the hard drive is reformatted and the operating system is reinstalled you will need to reinstall your programs. Programs can't be backed up like data can.

Please let me know what you would like to do. If it is to go ahead and clean your system please perform the steps outlined in the previous post so that I may review the information and determine what further steps we need to take, if any.

This post has been edited by Oh My: 24 January 2012 - 09:33 AM

Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 27 January 2012 - 08:55 AM

Good Morning Oh My!,


Yes, I would like to clean up my malware before I reformat my computer. The one thing I have noticed is that when I type something in the google search engine it takes a little while before it to allow me to keep typing into the search box. Today, before I ran combofix, I was trying to type Bleeping Computer and it just let me type upto Bleep and then the words best buy appeared in the search box on its own. After running combofix it did not do that. Other than that the computer seems to be fine. Oh My! I also want to let you know that when I ran combofix the following message popped up: Infected with Rootkit ZeroAccess has inserted itself into the tcp/ip stack. Here are the two logs you requested: Combofix.txt, TDSSKiller log. Thank you and have a nice day! :)



ComboFix 12-01-27.01 - JODY 01/27/2012 6:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2609 [GMT -5:00]
Running from: c:\documents and settings\JODY\My Documents\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\All Users\Application Data\~IkY05o5QRaomI0
c:\documents and settings\All Users\Application Data\~IkY05o5QRaomI0r
c:\documents and settings\All Users\Application Data\~mi3miKB56M37Qi
c:\documents and settings\All Users\Application Data\~mi3miKB56M37Qir
c:\documents and settings\All Users\Application Data\IkY05o5QRaomI0
c:\documents and settings\All Users\Application Data\mi3miKB56M37Qi
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\searchplugins\bing-zugo.xml
c:\documents and settings\JODY\Application Data\searchqutb
c:\documents and settings\JODY\Application Data\searchqutb\dtx.ini
c:\documents and settings\JODY\Application Data\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\documents and settings\JODY\Application Data\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\documents and settings\JODY\Application Data\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\documents and settings\JODY\Application Data\searchqutb\games\GameCategories.xml
c:\documents and settings\JODY\Application Data\searchqutb\games\GameTypes.xml
c:\documents and settings\JODY\Application Data\searchqutb\guid.dat
c:\documents and settings\JODY\Application Data\searchqutb\log.txt
c:\documents and settings\JODY\Application Data\searchqutb\preferences.dat
c:\documents and settings\JODY\Application Data\searchqutb\search\searchqutb-search-history.xml
c:\documents and settings\JODY\Application Data\searchqutb\stats.dat
c:\documents and settings\JODY\Application Data\searchqutb\uninstallIE.dat
c:\documents and settings\JODY\Application Data\searchqutb\version.xml
c:\documents and settings\JODY\Application Data\searchqutb\weather\9e8d16e6faa9a9750f1bacef50f45249
c:\documents and settings\JODY\Application Data\searchqutb\weather\e8e58b5e0ac27c262e190faed428097f
c:\documents and settings\JODY\Application Data\searchqutb\weather\forecasts_cache.xml
c:\documents and settings\JODY\Application Data\searchqutb\weather\observations_cache.xml
c:\documents and settings\JODY\Application Data\searchqutb\weatherbutton_prefs.xml
c:\documents and settings\JODY\Application Data\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\documents and settings\JODY\Application Data\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\documents and settings\JODY\Application Data\searchqutb\widgets_cache\category_cache.xml
c:\documents and settings\JODY\Application Data\searchqutb\widgets_cache\widget_cache.xml
c:\documents and settings\JODY\Desktop\System Check.lnk
c:\documents and settings\JODY\Start Menu\Programs\System Check
c:\documents and settings\JODY\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\JODY\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\JODY\WINDOWS
C:\drvrtmp
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Setup.exe
c:\program files\version.txt
c:\windows\$NtUninstallKB38969$
c:\windows\$NtUninstallKB38969$\2141863631
c:\windows\$NtUninstallKB38969$\2414155740\@
c:\windows\$NtUninstallKB38969$\2414155740\bckfg.tmp
c:\windows\$NtUninstallKB38969$\2414155740\cfg.ini
c:\windows\$NtUninstallKB38969$\2414155740\Desktop.ini
c:\windows\$NtUninstallKB38969$\2414155740\keywords
c:\windows\$NtUninstallKB38969$\2414155740\kwrd.dll
c:\windows\$NtUninstallKB38969$\2414155740\L\bkkcanpd
c:\windows\$NtUninstallKB38969$\2414155740\lsflt7.ver
c:\windows\$NtUninstallKB38969$\2414155740\U\00000001.@
c:\windows\$NtUninstallKB38969$\2414155740\U\00000002.@
c:\windows\$NtUninstallKB38969$\2414155740\U\00000004.@
c:\windows\$NtUninstallKB38969$\2414155740\U\80000000.@
c:\windows\$NtUninstallKB38969$\2414155740\U\80000004.@
c:\windows\$NtUninstallKB38969$\2414155740\U\80000032.@
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 12:37 . 2012-01-27 12:37 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-01-27 12:37 . 2012-01-27 12:37 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-01-27 12:37 . 2012-01-27 12:37 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-01-27 12:37 . 2012-01-27 12:37 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-01-27 12:37 . 2012-01-27 12:37 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-01-27 12:37 . 2012-01-27 12:37 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-01-27 12:37 . 2012-01-27 12:37 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-01-27 12:37 . 2012-01-27 12:37 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-01-27 12:37 . 2012-01-27 12:37 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-01-27 12:37 . 2012-01-27 12:37 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-01-27 12:37 . 2012-01-27 12:37 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-01-27 12:37 . 2012-01-27 12:37 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-01-27 12:36 . 2012-01-27 12:36 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-01-27 12:36 . 2012-01-27 12:36 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-01-27 12:36 . 2012-01-27 12:36 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-01-27 12:36 . 2012-01-27 12:36 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-01-27 12:36 . 2012-01-27 12:36 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-01-22 23:57 . 2012-01-22 23:57 -------- d--h--w- c:\windows\PIF
2012-01-19 01:46 . 2012-01-19 01:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-01-19 01:40 . 2012-01-19 01:40 -------- d-----w- c:\program files\Common Files\Java
2012-01-19 01:40 . 2012-01-19 01:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-19 01:25 . 2012-01-19 01:25 -------- d-----w- c:\documents and settings\JODY\Local Settings\Application Data\Secunia PSI
2012-01-19 01:24 . 2012-01-19 01:24 -------- d-----w- c:\program files\Secunia
2012-01-18 00:50 . 2012-01-27 12:35 -------- d-----w- c:\windows\system32\CatRoot2
2012-01-17 14:25 . 2012-01-17 14:25 -------- d-----w- c:\program files\Tangosoft
2012-01-17 14:14 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-01-17 12:55 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-01-17 12:07 . 2012-01-17 12:07 -------- d-----w- c:\program files\Tweaking.com
2012-01-17 10:50 . 2012-01-18 00:49 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-17 10:40 . 2012-01-17 10:40 -------- d-----w- c:\program files\CleanUp!
2012-01-17 06:49 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-17 06:49 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-17 06:49 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-01-17 06:48 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-01-17 06:48 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-17 06:48 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-17 06:48 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-17 06:48 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-17 06:48 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-17 06:48 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-17 06:48 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-01-17 06:48 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-17 06:48 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-17 06:48 . 2012-01-17 06:48 -------- d-----w- c:\program files\AVAST Software
2012-01-17 06:48 . 2012-01-17 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-01-17 03:23 . 2012-01-17 03:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-17 02:22 . 2012-01-17 02:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-17 02:22 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 00:59 . 2012-01-17 03:23 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-17 00:50 . 2012-01-17 00:50 -------- d-----w- c:\program files\HitmanPro
2012-01-17 00:49 . 2012-01-17 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-17 00:00 . 2012-01-17 00:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2012-01-16 23:59 . 2012-01-16 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-16 23:59 . 2012-01-16 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-01-16 22:14 . 2012-01-16 22:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-16 22:14 . 2012-01-16 22:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-04 23:42 . 2012-01-05 00:13 -------- d-----w- c:\documents and settings\JODY\Application Data\TP
2012-01-04 23:38 . 2012-01-04 23:38 -------- d-----w- c:\documents and settings\JODY\Application Data\Publish Providers
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-01-02 02:04 . 2012-01-07 23:04 -------- d-----w- c:\documents and settings\JODY\Application Data\Giy
2012-01-02 02:04 . 2012-01-04 19:02 -------- d-----w- c:\documents and settings\JODY\Application Data\Ylg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 01:39 . 2010-05-27 20:23 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-01-19 01:36 . 2011-05-20 18:49 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-16 23:33 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-11 05:35 . 2010-09-08 00:32 89680 ----a-w- c:\documents and settings\MSSSerif120.fon
2011-12-07 17:29 . 2011-12-07 17:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-07 17:29 . 2011-12-07 17:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-12 14:09 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-12 14:03 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 19:29 . 2010-05-27 21:53 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2004-08-12 14:09 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-12 14:03 1292288 ------w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2004-08-12 14:03 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2004-08-12 14:02 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-12 01:21 . 2012-01-12 01:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 03:47 . 2008-08-04 15:47 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-23 00:13 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^JODY^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\JODY\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 05:05 122939 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
2004-08-27 19:29 417792 -c--a-w- c:\program files\Dell Photo AIO Printer 962\dlbxmon.exE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 20:54 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 19:51 118784 -c----w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 19:55 155648 -c----w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 00:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-11-05 20:45 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 20:59 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 18:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-09 20:59 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-07 17:29 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 05:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"CiSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nitto 1320 Legends\\NittoLegendsBeta.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/17/2012 1:48 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/17/2012 1:48 AM 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/17/2012 1:49 AM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/17/2012 1:48 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/17/2012 1:49 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/17/2012 1:49 AM 20568]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/16/2012 9:22 PM 652872]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 7:53 PM 11237]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/16/2012 9:22 PM 20464]
S1 MpKsl08ae36e6;MpKsl08ae36e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C8E19ED-215A-4353-8510-32FDF5F81C24}\MpKsl08ae36e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C8E19ED-215A-4353-8510-32FDF5F81C24}\MpKsl08ae36e6.sys [?]
S1 MpKsl09b04c14;MpKsl09b04c14;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl09b04c14.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl09b04c14.sys [?]
S1 MpKsl0cc487c7;MpKsl0cc487c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl0cc487c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl0cc487c7.sys [?]
S1 MpKsl2b3e91c3;MpKsl2b3e91c3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl2b3e91c3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl2b3e91c3.sys [?]
S1 MpKsl50c81981;MpKsl50c81981;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C090F928-18ED-4B1E-BA76-1FA4C4FDF5DF}\MpKsl50c81981.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C090F928-18ED-4B1E-BA76-1FA4C4FDF5DF}\MpKsl50c81981.sys [?]
S1 MpKsl77104c11;MpKsl77104c11;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl77104c11.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl77104c11.sys [?]
S1 MpKslc93155ca;MpKslc93155ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{380B374A-AAB3-42B5-855F-483997A948C8}\MpKslc93155ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{380B374A-AAB3-42B5-855F-483997A948C8}\MpKslc93155ca.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1/17/2012 1:48 AM 127192]
S2 gupdate1ca5fce8de834ec;Google Update Service (gupdate1ca5fce8de834ec);c:\program files\Google\Update\GoogleUpdate.exe [11/7/2009 12:20 PM 133104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/20/2011 1:33 AM 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/7/2009 12:20 PM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [1/16/2012 7:59 PM 23624]
S3 NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver;c:\windows\system32\drivers\G311N6.sys [6/22/2010 8:56 PM 70144]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-13 c:\windows\Tasks\chkdsk.job
- c:\windows\system32\chkdsk.exe [2004-08-12 13:56]
.
2012-01-13 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-12 00:12]
.
2012-01-13 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]
.
2012-01-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-08 01:09]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 17:19]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 17:19]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI3TDF&PC=VI3TDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=gametheory&id=quixbar&v=1_0&gen=ms&ent=tb&mkt=us&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{e7908ac1-7e73-4b25-b31d-e33fbbb9294b} - c:\program files\quixbar\auxi\gametheorytemplaAu.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
Toolbar-Locked - (no file)
HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe
SafeBoot-43990222.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\JODY\Local Settings\Application Data\Akamai\netsession_win.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fssui.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\VSP\VerizonServicepoint.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 07:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1360)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2012-01-27 07:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 12:47
.
Pre-Run: 4,827,418,624 bytes free
Post-Run: 8,017,403,904 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C08E99391D9A0FCEE967811FA88391DC





18:31:07.0281 2760 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
18:31:07.0687 2760 ============================================================
18:31:07.0687 2760 Current date / time: 2012/01/16 18:31:07.0687
18:31:07.0687 2760 SystemInfo:
18:31:07.0687 2760
18:31:07.0687 2760 OS Version: 5.1.2600 ServicePack: 3.0
18:31:07.0687 2760 Product type: Workstation
18:31:07.0687 2760 ComputerName: EDDYJODY
18:31:07.0687 2760 UserName: Administrator
18:31:07.0687 2760 Windows directory: C:\WINDOWS
18:31:07.0687 2760 System windows directory: C:\WINDOWS
18:31:07.0687 2760 Processor architecture: Intel x86
18:31:07.0687 2760 Number of processors: 2
18:31:07.0687 2760 Page size: 0x1000
18:31:07.0687 2760 Boot type: Safe boot with network
18:31:07.0687 2760 ============================================================
18:31:12.0328 2760 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000, SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
18:31:12.0453 2760 Initialize success
18:31:14.0796 0168 ============================================================
18:31:14.0796 0168 Scan started
18:31:14.0796 0168 Mode: Manual;
18:31:14.0796 0168 ============================================================
18:31:16.0109 0168 Abiosdsk - ok
18:31:16.0156 0168 abp480n5 - ok
18:31:16.0234 0168 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:31:16.0234 0168 ACPI - ok
18:31:16.0296 0168 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:31:16.0296 0168 ACPIEC - ok
18:31:16.0312 0168 adpu160m - ok
18:31:16.0359 0168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:31:16.0359 0168 aec - ok
18:31:16.0406 0168 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:31:16.0406 0168 AFD - ok
18:31:16.0421 0168 Aha154x - ok
18:31:16.0453 0168 aic78u2 - ok
18:31:16.0484 0168 aic78xx - ok
18:31:16.0531 0168 AliIde - ok
18:31:16.0562 0168 amsint - ok
18:31:16.0625 0168 asc - ok
18:31:16.0656 0168 asc3350p - ok
18:31:16.0687 0168 asc3550 - ok
18:31:16.0781 0168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:31:16.0781 0168 AsyncMac - ok
18:31:16.0828 0168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:31:16.0828 0168 atapi - ok
18:31:16.0843 0168 Atdisk - ok
18:31:16.0906 0168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:31:16.0906 0168 Atmarpc - ok
18:31:16.0968 0168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:31:16.0968 0168 audstub - ok
18:31:17.0046 0168 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
18:31:17.0046 0168 BANTExt - ok
18:31:17.0125 0168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:31:17.0125 0168 Beep - ok
18:31:17.0218 0168 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
18:31:17.0218 0168 bvrp_pci - ok
18:31:17.0250 0168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:31:17.0250 0168 cbidf2k - ok
18:31:17.0328 0168 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:31:17.0328 0168 CCDECODE - ok
18:31:17.0343 0168 cd20xrnt - ok
18:31:17.0390 0168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:31:17.0390 0168 Cdaudio - ok
18:31:17.0437 0168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:31:17.0453 0168 Cdfs - ok
18:31:17.0468 0168 CdpPacket - ok
18:31:17.0500 0168 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:31:17.0500 0168 Cdrom - ok
18:31:17.0515 0168 Changer - ok
18:31:17.0593 0168 CmdIde - ok
18:31:17.0640 0168 Cpqarray - ok
18:31:17.0812 0168 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:31:17.0812 0168 CVirtA - ok
18:31:17.0828 0168 dac2w2k - ok
18:31:17.0859 0168 dac960nt - ok
18:31:17.0968 0168 Diag69xp (9afd0211790bb60ca4453e95e2fcfa34) C:\WINDOWS\system32\Drivers\Diag69xp.sys
18:31:17.0968 0168 Diag69xp - ok
18:31:17.0984 0168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:31:17.0984 0168 Disk - ok
18:31:18.0093 0168 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:31:18.0109 0168 dmboot - ok
18:31:18.0140 0168 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:31:18.0156 0168 dmio - ok
18:31:18.0187 0168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:31:18.0187 0168 dmload - ok
18:31:18.0250 0168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:31:18.0250 0168 DMusic - ok
18:31:18.0312 0168 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
18:31:18.0328 0168 DNE - ok
18:31:18.0359 0168 dpti2o - ok
18:31:18.0406 0168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:31:18.0406 0168 drmkaud - ok
18:31:18.0468 0168 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:31:18.0468 0168 drvmcdb - ok
18:31:18.0500 0168 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
18:31:18.0515 0168 drvnddm - ok
18:31:18.0562 0168 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:31:18.0578 0168 E100B - ok
18:31:18.0671 0168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:31:18.0671 0168 Fastfat - ok
18:31:18.0734 0168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:31:18.0734 0168 Fdc - ok
18:31:18.0875 0168 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:31:18.0875 0168 Fips - ok
18:31:18.0921 0168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:31:18.0921 0168 Flpydisk - ok
18:31:18.0968 0168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:31:18.0968 0168 FltMgr - ok
18:31:19.0062 0168 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
18:31:19.0062 0168 FsUsbExDisk - ok
18:31:19.0109 0168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:31:19.0109 0168 Fs_Rec - ok
18:31:19.0140 0168 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:31:19.0140 0168 Ftdisk - ok
18:31:19.0187 0168 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:31:19.0187 0168 GEARAspiWDM - ok
18:31:19.0265 0168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:31:19.0265 0168 Gpc - ok
18:31:19.0359 0168 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:31:19.0359 0168 HidUsb - ok
18:31:19.0390 0168 hpn - ok
18:31:19.0468 0168 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:31:19.0484 0168 HTTP - ok
18:31:19.0515 0168 i2omgmt - ok
18:31:19.0531 0168 i2omp - ok
18:31:19.0562 0168 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:31:19.0578 0168 i8042prt - ok
18:31:19.0656 0168 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:31:19.0687 0168 ialm - ok
18:31:19.0796 0168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:31:19.0796 0168 Imapi - ok
18:31:19.0843 0168 ini910u - ok
18:31:19.0968 0168 IntelC51 (8e51bf1696821a72656444e0fd5081a3) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
18:31:20.0046 0168 IntelC51 - ok
18:31:20.0093 0168 IntelC52 (331ce31882754000ca2afbf7bd480513) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
18:31:20.0125 0168 IntelC52 - ok
18:31:20.0156 0168 IntelC53 (8001fac548eb0285d0085f4eb53c1e3f) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
18:31:20.0156 0168 IntelC53 - ok
18:31:20.0203 0168 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:31:20.0203 0168 IntelIde - ok
18:31:20.0250 0168 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:31:20.0250 0168 intelppm - ok
18:31:20.0296 0168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:31:20.0296 0168 Ip6Fw - ok
18:31:20.0343 0168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:31:20.0343 0168 IpFilterDriver - ok
18:31:20.0390 0168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:31:20.0390 0168 IpInIp - ok
18:31:20.0421 0168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:31:20.0437 0168 IpNat - ok
18:31:20.0468 0168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:31:20.0468 0168 IPSec - ok
18:31:20.0500 0168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:31:20.0500 0168 IRENUM - ok
18:31:20.0562 0168 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:31:20.0578 0168 isapnp - ok
18:31:20.0609 0168 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:31:20.0625 0168 Kbdclass - ok
18:31:20.0671 0168 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:31:20.0671 0168 kbdhid - ok
18:31:20.0734 0168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:31:20.0734 0168 kmixer - ok
18:31:20.0890 0168 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:31:20.0890 0168 KSecDD - ok
18:31:20.0984 0168 LANPkt (8bbfbf256493035ae6105b334fce99df) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
18:31:20.0984 0168 LANPkt - ok
18:31:21.0000 0168 lbrtfdc - ok
18:31:21.0093 0168 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:31:21.0109 0168 MBAMProtector - ok
18:31:21.0187 0168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:31:21.0187 0168 mnmdd - ok
18:31:21.0250 0168 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:31:21.0250 0168 Modem - ok
18:31:21.0312 0168 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:31:21.0312 0168 MODEMCSA - ok
18:31:21.0375 0168 mohfilt (bdd406003c0c340cf6c5501165e83dcd) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
18:31:21.0375 0168 mohfilt - ok
18:31:21.0406 0168 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:31:21.0406 0168 Mouclass - ok
18:31:21.0421 0168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:31:21.0437 0168 MountMgr - ok
18:31:21.0500 0168 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:31:21.0500 0168 MpFilter - ok
18:31:21.0640 0168 MpKsl08ae36e6 - ok
18:31:21.0703 0168 MpKsl09b04c14 - ok
18:31:21.0765 0168 MpKsl0cc487c7 - ok
18:31:21.0781 0168 MpKsl2b3e91c3 - ok
18:31:21.0812 0168 MpKsl50c81981 - ok
18:31:21.0859 0168 MpKsl77104c11 - ok
18:31:21.0875 0168 MpKslc93155ca - ok
18:31:21.0906 0168 mraid35x - ok
18:31:21.0984 0168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:31:21.0984 0168 MRxDAV - ok
18:31:22.0046 0168 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:31:22.0046 0168 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: c1d85b598874ed1a1d6c531af30edf75, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
18:31:22.0062 0168 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - infected
18:31:22.0062 0168 MRxSmb - detected Rootkit.Win32.ZAccess.aml (0)
18:31:22.0109 0168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:31:22.0109 0168 Msfs - ok
18:31:22.0171 0168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:31:22.0171 0168 MSKSSRV - ok
18:31:22.0234 0168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:31:22.0234 0168 MSPCLOCK - ok
18:31:22.0281 0168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:31:22.0281 0168 MSPQM - ok
18:31:22.0421 0168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:31:22.0421 0168 mssmbios - ok
18:31:22.0468 0168 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:31:22.0468 0168 MSTEE - ok
18:31:22.0515 0168 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:31:22.0515 0168 Mup - ok
18:31:22.0578 0168 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:31:22.0578 0168 NABTSFEC - ok
18:31:22.0625 0168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:31:22.0625 0168 NDIS - ok
18:31:22.0671 0168 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:31:22.0687 0168 NdisIP - ok
18:31:22.0718 0168 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:31:22.0718 0168 NdisTapi - ok
18:31:22.0781 0168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:31:22.0781 0168 Ndisuio - ok
18:31:22.0843 0168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:31:22.0843 0168 NdisWan - ok
18:31:22.0875 0168 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:31:22.0890 0168 NDProxy - ok
18:31:22.0953 0168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:31:22.0953 0168 NetBIOS - ok
18:31:23.0015 0168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:31:23.0031 0168 NetBT - ok
18:31:23.0125 0168 NetgearGA311 (a499c838a518719b17279a52d88d8847) C:\WINDOWS\system32\DRIVERS\G311N6.sys
18:31:23.0125 0168 NetgearGA311 - ok
18:31:23.0250 0168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:31:23.0250 0168 Npfs - ok
18:31:23.0328 0168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:31:23.0343 0168 Ntfs - ok
18:31:23.0390 0168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:31:23.0406 0168 Null - ok
18:31:23.0531 0168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:31:23.0531 0168 NwlnkFlt - ok
18:31:23.0546 0168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:31:23.0562 0168 NwlnkFwd - ok
18:31:23.0609 0168 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:31:23.0625 0168 Parport - ok
18:31:23.0656 0168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:31:23.0656 0168 PartMgr - ok
18:31:23.0718 0168 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:31:23.0718 0168 ParVdm - ok
18:31:23.0781 0168 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:31:23.0781 0168 PCI - ok
18:31:23.0796 0168 PCIDump - ok
18:31:23.0859 0168 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:31:23.0859 0168 PCIIde - ok
18:31:23.0906 0168 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:31:23.0906 0168 Pcmcia - ok
18:31:23.0921 0168 PDCOMP - ok
18:31:23.0953 0168 PDFRAME - ok
18:31:23.0984 0168 PDRELI - ok
18:31:24.0000 0168 PDRFRAME - ok
18:31:24.0031 0168 perc2 - ok
18:31:24.0062 0168 perc2hib - ok
18:31:24.0187 0168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:31:24.0187 0168 PptpMiniport - ok
18:31:24.0250 0168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:31:24.0250 0168 PSched - ok
18:31:24.0265 0168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:31:24.0265 0168 Ptilink - ok
18:31:24.0312 0168 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:31:24.0312 0168 PxHelp20 - ok
18:31:24.0328 0168 ql1080 - ok
18:31:24.0359 0168 Ql10wnt - ok
18:31:24.0390 0168 ql12160 - ok
18:31:24.0421 0168 ql1240 - ok
18:31:24.0437 0168 ql1280 - ok
18:31:24.0484 0168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:31:24.0484 0168 RasAcd - ok
18:31:24.0531 0168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:31:24.0531 0168 Rasl2tp - ok
18:31:24.0578 0168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:31:24.0578 0168 RasPppoe - ok
18:31:24.0593 0168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:31:24.0593 0168 Raspti - ok
18:31:24.0671 0168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:31:24.0671 0168 Rdbss - ok
18:31:24.0703 0168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:31:24.0703 0168 RDPCDD - ok
18:31:24.0781 0168 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:31:24.0796 0168 RDPWD - ok
18:31:24.0843 0168 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:31:24.0859 0168 redbook - ok
18:31:24.0921 0168 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:31:24.0921 0168 RimUsb - ok
18:31:25.0125 0168 RTL8023 (471e91c38bd05cb024f9c02017235424) C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS
18:31:25.0125 0168 RTL8023 - ok
18:31:25.0218 0168 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:31:25.0218 0168 Secdrv - ok
18:31:25.0343 0168 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
18:31:25.0359 0168 senfilt - ok
18:31:25.0406 0168 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:31:25.0421 0168 serenum - ok
18:31:25.0453 0168 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:31:25.0453 0168 Serial - ok
18:31:25.0500 0168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:31:25.0515 0168 Sfloppy - ok
18:31:25.0562 0168 Simbad - ok
18:31:25.0625 0168 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:31:25.0625 0168 SLIP - ok
18:31:25.0687 0168 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
18:31:25.0703 0168 smwdm - ok
18:31:25.0718 0168 Sparrow - ok
18:31:25.0750 0168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:31:25.0750 0168 splitter - ok
18:31:25.0796 0168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:31:25.0812 0168 sr - ok
18:31:25.0875 0168 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:31:25.0890 0168 Srv - ok
18:31:25.0953 0168 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:31:25.0953 0168 sscdbhk5 - ok
18:31:26.0015 0168 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
18:31:26.0031 0168 ssrtln - ok
18:31:26.0140 0168 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:31:26.0140 0168 streamip - ok
18:31:26.0187 0168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:31:26.0187 0168 swenum - ok
18:31:26.0234 0168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:31:26.0250 0168 swmidi - ok
18:31:26.0281 0168 symc810 - ok
18:31:26.0312 0168 symc8xx - ok
18:31:26.0343 0168 sym_hi - ok
18:31:26.0359 0168 sym_u3 - ok
18:31:26.0406 0168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:31:26.0406 0168 sysaudio - ok
18:31:26.0500 0168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:31:26.0515 0168 Tcpip - ok
18:31:26.0640 0168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:31:26.0640 0168 TDPIPE - ok
18:31:26.0656 0168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:31:26.0671 0168 TDTCP - ok
18:31:26.0687 0168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:31:26.0687 0168 TermDD - ok
18:31:26.0750 0168 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
18:31:26.0765 0168 tfsnboio - ok
18:31:26.0796 0168 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
18:31:26.0796 0168 tfsncofs - ok
18:31:26.0812 0168 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
18:31:26.0828 0168 tfsndrct - ok
18:31:26.0843 0168 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
18:31:26.0859 0168 tfsndres - ok
18:31:26.0875 0168 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
18:31:26.0890 0168 tfsnifs - ok
18:31:26.0906 0168 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
18:31:26.0906 0168 tfsnopio - ok
18:31:26.0921 0168 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
18:31:26.0937 0168 tfsnpool - ok
18:31:26.0968 0168 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
18:31:26.0968 0168 tfsnudf - ok
18:31:27.0015 0168 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
18:31:27.0031 0168 tfsnudfa - ok
18:31:27.0062 0168 TosIde - ok
18:31:27.0140 0168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:31:27.0140 0168 Udfs - ok
18:31:27.0156 0168 ultra - ok
18:31:27.0234 0168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:31:27.0250 0168 Update - ok
18:31:27.0343 0168 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:31:27.0343 0168 USBAAPL - ok
18:31:27.0390 0168 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:31:27.0406 0168 usbaudio - ok
18:31:27.0453 0168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:31:27.0468 0168 usbccgp - ok
18:31:27.0515 0168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:31:27.0515 0168 usbehci - ok
18:31:27.0546 0168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:31:27.0546 0168 usbhub - ok
18:31:27.0609 0168 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:31:27.0609 0168 usbprint - ok
18:31:27.0656 0168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:31:27.0671 0168 usbscan - ok
18:31:27.0843 0168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:31:27.0859 0168 USBSTOR - ok
18:31:27.0906 0168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:31:27.0906 0168 usbuhci - ok
18:31:27.0953 0168 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:31:27.0968 0168 usbvideo - ok
18:31:28.0046 0168 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
18:31:28.0046 0168 USB_RNDIS_XP - ok
18:31:28.0078 0168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:31:28.0078 0168 VgaSave - ok
18:31:28.0109 0168 ViaIde - ok
18:31:28.0187 0168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:31:28.0187 0168 VolSnap - ok
18:31:28.0203 0168 vsdatant - ok
18:31:28.0328 0168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:31:28.0328 0168 Wanarp - ok
18:31:28.0343 0168 WDICA - ok
18:31:28.0421 0168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:31:28.0421 0168 wdmaud - ok
18:31:28.0656 0168 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:31:28.0656 0168 WSTCODEC - ok
18:31:28.0703 0168 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:31:28.0703 0168 WudfPf - ok
18:31:28.0843 0168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:31:28.0890 0168 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:31:28.0890 0168 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:31:28.0890 0168 Boot (0x1200) (853e34220c9f4dc99e98a7e8ac18abb8) \Device\Harddisk0\DR0\Partition0
18:31:28.0890 0168 \Device\Harddisk0\DR0\Partition0 - ok
18:31:28.0906 0168 ============================================================
18:31:28.0906 0168 Scan finished
18:31:28.0906 0168 ============================================================
18:31:28.0968 2780 Detected object count: 2
18:31:28.0968 2780 Actual detected object count: 2
18:32:44.0734 2780 Backup copy found, using it..
18:32:44.0734 2780 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
18:32:46.0984 2780 MRxSmb ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
18:32:47.0046 2780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:32:47.0046 2780 \Device\Harddisk0\DR0 - ok
18:32:47.0046 2780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:32:56.0046 1016 Deinitialize success

#10 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 27 January 2012 - 11:07 AM

Greetings ejhdez,

Thanks for posting your information. Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back as soon as I can. :)
Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 28 January 2012 - 11:09 AM

Greetings ejhdez,


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    DirLook::
c:\documents and settings\JODY\Application Data\TP
c:\documents and settings\JODY\Application Data\Publish Providers
c:\documents and settings\JODY\Application Data\Giy
c:\documents and settings\JODY\Application Data\Ylg

  • Save this on your desktop as CFScript.txt.


    Posted Image


  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    Posted Image

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 29 January 2012 - 02:03 AM

Hello Oh My!,

When I get ready to run ESET Online Scanner, do I have to disable my anti virus and anti malware programs? Thank you for all your help :) That'ts hard to come by these days.

#13 User is offline   Oh My 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 1,945
  • Joined: 08-February 10
  • Gender:Male
  • Location:California

Posted 29 January 2012 - 09:13 AM

Greetings ejhdez,

Quote

do I have to disable my anti virus and anti malware programs?


No, just launch it and sit back. :thumbup2:
Regards,
Oh My!

If I do not respond to you within 48 hours of your post please send me a Personal Message .


“Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 29 January 2012 - 01:05 PM

Good Day Oh My!,

Below is my combofix log report. I will now run the ESET Online Scanner and send you the report as soon as I get it. Oh My! I would like to ask you a quick question. Why does my computer say the Microsoft Security Essential is disabled when I manually uninstalled it on add/remove Programs. Thank you!!!!



ComboFix 12-01-27.01 - JODY 01/29/2012 12:13:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2294 [GMT -5:00]
Running from: c:\documents and settings\JODY\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\JODY\Desktop\CFScript.txt.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 17:08 . 2012-01-29 17:09 -------- d-----w- C:\32788R22FWJFW
2012-01-22 23:57 . 2012-01-22 23:57 -------- d--h--w- c:\windows\PIF
2012-01-19 01:46 . 2012-01-19 01:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-01-19 01:40 . 2012-01-19 01:40 -------- d-----w- c:\program files\Common Files\Java
2012-01-19 01:40 . 2012-01-19 01:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-19 01:25 . 2012-01-19 01:25 -------- d-----w- c:\documents and settings\JODY\Local Settings\Application Data\Secunia PSI
2012-01-19 01:24 . 2012-01-19 01:24 -------- d-----w- c:\program files\Secunia
2012-01-18 00:50 . 2012-01-29 17:11 -------- d-----w- c:\windows\system32\CatRoot2
2012-01-17 14:25 . 2012-01-17 14:25 -------- d-----w- c:\program files\Tangosoft
2012-01-17 14:14 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-01-17 12:55 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-01-17 12:07 . 2012-01-17 12:07 -------- d-----w- c:\program files\Tweaking.com
2012-01-17 10:50 . 2012-01-18 00:49 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-17 10:40 . 2012-01-17 10:40 -------- d-----w- c:\program files\CleanUp!
2012-01-17 06:49 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-17 06:49 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-17 06:49 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-01-17 06:48 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-01-17 06:48 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-17 06:48 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-17 06:48 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-17 06:48 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-17 06:48 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-17 06:48 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-17 06:48 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-01-17 06:48 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-17 06:48 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-17 06:48 . 2012-01-17 06:48 -------- d-----w- c:\program files\AVAST Software
2012-01-17 06:48 . 2012-01-17 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-01-17 03:23 . 2012-01-17 03:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-17 02:22 . 2012-01-17 02:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-17 02:22 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 00:59 . 2012-01-17 03:23 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-17 00:50 . 2012-01-17 00:50 -------- d-----w- c:\program files\HitmanPro
2012-01-17 00:49 . 2012-01-17 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-17 00:00 . 2012-01-17 00:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2012-01-16 23:59 . 2012-01-16 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-16 23:59 . 2012-01-16 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-01-16 22:14 . 2012-01-16 22:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-16 22:14 . 2012-01-16 22:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-04 23:42 . 2012-01-05 00:13 -------- d-----w- c:\documents and settings\JODY\Application Data\TP
2012-01-04 23:38 . 2012-01-04 23:38 -------- d-----w- c:\documents and settings\JODY\Application Data\Publish Providers
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-01-02 02:04 . 2012-01-07 23:04 -------- d-----w- c:\documents and settings\JODY\Application Data\Giy
2012-01-02 02:04 . 2012-01-04 19:02 -------- d-----w- c:\documents and settings\JODY\Application Data\Ylg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 01:39 . 2010-05-27 20:23 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-01-19 01:36 . 2011-05-20 18:49 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-16 23:33 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-11 05:35 . 2010-09-08 00:32 89680 ----a-w- c:\documents and settings\MSSSerif120.fon
2011-12-07 17:29 . 2011-12-07 17:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-07 17:29 . 2011-12-07 17:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-12 14:09 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-12 14:03 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 19:29 . 2010-05-27 21:53 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2004-08-12 14:09 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-12 14:03 1292288 ------w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2004-08-12 14:03 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2004-08-12 14:02 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-12 01:21 . 2012-01-12 01:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 03:47 . 2008-08-04 15:47 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-27_12.39.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-29 16:51 . 2012-01-29 16:51 16384 c:\windows\Temp\Perflib_Perfdata_290.dat
- 2004-08-12 14:03 . 2012-01-26 19:18 68412 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:03 . 2012-01-29 17:17 68412 c:\windows\system32\perfc009.dat
+ 2012-01-29 17:15 . 2012-01-29 17:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-26 19:17 . 2012-01-26 19:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-26 19:17 . 2012-01-26 19:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-12 14:03 . 2012-01-26 19:18 434126 c:\windows\system32\perfh009.dat
+ 2004-08-12 14:03 . 2012-01-29 17:17 434126 c:\windows\system32\perfh009.dat
- 2012-01-26 19:17 . 2012-01-26 19:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-29 17:15 . 2012-01-29 17:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-26 19:17 . 2012-01-26 19:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-29 17:16 . 2012-01-29 17:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-23 00:13 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^JODY^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\JODY\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 05:05 122939 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
2004-08-27 19:29 417792 -c--a-w- c:\program files\Dell Photo AIO Printer 962\dlbxmon.exE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 20:54 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 19:51 118784 -c----w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 19:55 155648 -c----w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 00:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-11-05 20:45 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 20:59 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 18:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-09 20:59 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-07 17:29 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 05:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"CiSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nitto 1320 Legends\\NittoLegendsBeta.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/17/2012 1:48 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/17/2012 1:48 AM 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/17/2012 1:49 AM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/17/2012 1:48 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/17/2012 1:49 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/17/2012 1:49 AM 20568]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/16/2012 9:22 PM 652872]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 7:53 PM 11237]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/16/2012 9:22 PM 20464]
S1 MpKsl08ae36e6;MpKsl08ae36e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C8E19ED-215A-4353-8510-32FDF5F81C24}\MpKsl08ae36e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C8E19ED-215A-4353-8510-32FDF5F81C24}\MpKsl08ae36e6.sys [?]
S1 MpKsl09b04c14;MpKsl09b04c14;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl09b04c14.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl09b04c14.sys [?]
S1 MpKsl0cc487c7;MpKsl0cc487c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl0cc487c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8C12D6C-C980-4917-8E0B-A0B791CF599C}\MpKsl0cc487c7.sys [?]
S1 MpKsl2b3e91c3;MpKsl2b3e91c3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl2b3e91c3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl2b3e91c3.sys [?]
S1 MpKsl50c81981;MpKsl50c81981;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C090F928-18ED-4B1E-BA76-1FA4C4FDF5DF}\MpKsl50c81981.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C090F928-18ED-4B1E-BA76-1FA4C4FDF5DF}\MpKsl50c81981.sys [?]
S1 MpKsl77104c11;MpKsl77104c11;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl77104c11.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2597E18D-6FF1-4060-AF98-16BF34C23D52}\MpKsl77104c11.sys [?]
S1 MpKslc93155ca;MpKslc93155ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{380B374A-AAB3-42B5-855F-483997A948C8}\MpKslc93155ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{380B374A-AAB3-42B5-855F-483997A948C8}\MpKslc93155ca.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1/17/2012 1:48 AM 127192]
S2 gupdate1ca5fce8de834ec;Google Update Service (gupdate1ca5fce8de834ec);c:\program files\Google\Update\GoogleUpdate.exe [11/7/2009 12:20 PM 133104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/20/2011 1:33 AM 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/7/2009 12:20 PM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [1/16/2012 7:59 PM 23624]
S3 NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver;c:\windows\system32\drivers\G311N6.sys [6/22/2010 8:56 PM 70144]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-13 c:\windows\Tasks\chkdsk.job
- c:\windows\system32\chkdsk.exe [2004-08-12 13:56]
.
2012-01-13 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-12 00:12]
.
2012-01-13 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]
.
2012-01-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-08 01:09]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 17:19]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 17:19]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\JODY\Application Data\Mozilla\Firefox\Profiles\bc0paryd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI3TDF&PC=VI3TDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=gametheory&id=quixbar&v=1_0&gen=ms&ent=tb&mkt=us&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 12:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-29 12:48:14
ComboFix-quarantined-files.txt 2012-01-29 17:47
ComboFix2.txt 2012-01-27 12:47
.
Pre-Run: 7,775,469,568 bytes free
Post-Run: 7,825,289,216 bytes free
.
- - End Of File - - 488F5A9FA78D8F1A1DB9A8544B86E2A2

#15 User is offline   ejhdez 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 18-January 12
  • Gender:Female

Posted 29 January 2012 - 08:55 PM

Hi Oh My!,

Here is the log report that ESETScan generated on my computer. Oh My! I have always heard that it is good to keep Java updated. I don't know how to read these reports but I saw somethings with the likes of Java/Trojan Download on the report. Is it possible to get a trojan by updating Java? Thank you for your time spent on my computer infection!!!!

Thanks,
Ejhdez




C:\Documents and Settings\EDDY\Application Data\Mozilla\Firefox\Profiles\xcqzj5ng.default\extensions\firefox@bandoo.com\components\FFPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\FFoxPackage.exe a variant of Win32/Adware.Bandoo.AA application deleted - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\SetupDataMngr_Searchqu.exe Win32/Adware.Bandoo application deleted - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\files.exe multiple threats deleted - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\InstallerHelper.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\Bandoo.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\BandooGo.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\BandooUI.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\BndCore.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\ExtensionsManager.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\FFoxPackage.exe a variant of Win32/Adware.Bandoo.AA application deleted - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\ieplugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\InstallerHelper.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\msnplugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\OEPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Bin\YahooPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\GLF5F\Static\SetupDataMngr_Searchqu.exe Win32/Adware.Bandoo application deleted - quarantined
C:\Documents and Settings\EDDY\Local Settings\Temp\Searchqu_DM\SearchquMediaBar.exe Win32/Adware.Bandoo application deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2941e920 multiple threats deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-6a08e133 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-3c50cba0 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-777da47e multiple threats deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\36\746daba4-21742eff a variant of Win32/Kryptik.YYL trojan cleaned by deleting - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\41\29b4c469-49cc6b34 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\51\377bf9f3-4962466f a variant of Win32/Kryptik.YID trojan deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\53\3d6e34b5-4aa314a6 Java/Exploit.CVE-2011-3544.X trojan deleted - quarantined
C:\Documents and Settings\JODY\Application Data\Sun\Java\Deployment\cache\6.0\8\6bb21e88-5359ee17 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\JODY\Desktop\Programas\2010 Office\Activadon_Office.rar Win32/HackKMS.A application deleted - quarantined
C:\Documents and Settings\JODY\Desktop\Programas\2010 Office\KMS Activator 1.3.1.rar a variant of Win32/HackKMS.A application deleted - quarantined
C:\Documents and Settings\JODY\Desktop\Programas\2010 Office\Activadon Office\mini-KMS_Activator_v1.051.exe Win32/HackKMS.A application deleted - quarantined
C:\Documents and Settings\JODY\Desktop\Programas\FLoop\flstudio_10.0.8_online.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\JODY\Desktop\Programas\sony vega 10\Keygen.rar a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\42cb71c0-324a18f6 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\15505bcf-1e015173 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7276f750-3a69e1d5 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7b2707d0-6b16cbf0 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\1cc59a92-40f73672 a variant of Win32/Kryptik.YKJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\3aa4da42-2ebea147 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\270c07d4-5fe45b13 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\1dccba96-7f9ca80b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\d189d59-178417b8 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\29223eda-2bb31bcd a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\5d6255db-55bbcfea a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\68f3bc83-43ba413f multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\3183cbe0-556fba0b a variant of Win32/Kryptik.YXO trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\66992461-4d01cb8d a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\7f4bc8a1-3844b97a multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\26ebc223-68c46c3a Win32/TrojanDownloader.Zurgop.AB trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-6f5b18df a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\40ecb367-3e655752 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\42\2d4937ea-67dfb55f multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\70e9b06d-624d20cc a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\2f8cb32f-71d5b3ac a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-5f3fdd79 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\33ce1c73-57f85cf6 Win32/Adware.XPAntiSpyware.AC application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\529c9636-7771404d a variant of Java/Exploit.CVE-2011-3544.Q trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\38ec98ba-65076d11 a variant of Win32/Kryptik.YRJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\3a0450c6-126e774a a variant of Java/Exploit.CVE-2011-3544.Q trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\511051c6-653bd43a multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\8\39f00088-18cac0db a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\2c316449-5378c8c1 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Program Files\Bandoo\Bandoo.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Bandoo\BandooGo.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\BandooUI.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Bandoo\BndCore.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\ExtensionsManager.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\InstallerHelper.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\Plugins\MSN\msnplugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\Plugins\OE\OEPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Bandoo\Plugins\Yahoo\YahooPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1260\A0164939.exe a variant of Win32/HackKMS.A application deleted - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1260\A0164940.exe a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1277\A0172940.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173189.exe Win32/HackKMS.A application deleted - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173190.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173191.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173192.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173193.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173194.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173195.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173196.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173197.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173198.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173199.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DA55D098-75EE-4468-9183-8A5C966AF712}\RP1278\A0173200.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users