
Antimalware Doctor Removal


  • This topic is locked
8 replies to this topic

#1 dm498

  • Members
  • 4 posts

Posted 11 September 2010 - 02:19 PM

Hi

I'm looking for some assistance in getting rid of Antimalware Doctor Removal. I've read some similar posts and have run Malwarebytes, GMER and OTL. Logs below.

If someone could give me a hand getting rid of this it would be much appreciated.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

11/09/2010 17:48:30
mbam-log-2010-09-11 (17-48-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 242131
Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.


GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-11 19:23:13
Windows 6.0.6002 Service Pack 2
Running: mn764xgf.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kwldapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82F9DD88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82F9DDB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82F9DD9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82F9DD74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8225F9D2 5 Bytes JMP 82F9DD78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82424DA3 5 Bytes JMP 82F9DDB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 824444FA 7 Bytes JMP 82F9DD8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 824447BD 5 Bytes JMP 82F9DDA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\prsswt.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8835A480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8839B900, 0x3CA, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[804] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 019D0FEF
.text C:\Windows\system32\services.exe[804] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 019D0FD4
.text C:\Windows\system32\services.exe[804] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 019D000A
.text C:\Windows\system32\services.exe[804] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 01A30F64
.text C:\Windows\system32\services.exe[804] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 01A300A0
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 01A30F38
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 01A30F49
.text C:\Windows\system32\services.exe[804] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 01A30085
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 01A30FDE
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 01A3002F
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 01A30F75
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 01A30FAB
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 01A30FCD
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 01A30FBC
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 01A3004A
.text C:\Windows\system32\services.exe[804] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 01A30F86
.text C:\Windows\system32\services.exe[804] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 01A30F1D
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 01A3000A
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 01A30FEF
.text C:\Windows\system32\services.exe[804] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 01A300C5
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 01A40058
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 01A40047
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 01A40000
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 01A40FB6
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 01A40069
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 01A40FE5
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 01A40025
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 01A40036
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 01A20FA8
.text C:\Windows\system32\services.exe[804] msvcrt.dll!system 766A804B 5 Bytes JMP 01A20FB9
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 01A20029
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_open 766AD106 5 Bytes JMP 01A20000
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 01A20FD4
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 01A20FEF
.text C:\Windows\system32\services.exe[804] WS2_32.dll!socket 773736D1 5 Bytes JMP 01B20FEF
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenA 7713D690 5 Bytes JMP 01B10000
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenW 7713DB09 5 Bytes JMP 01B10FE5
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenUrlA 7713F3A4 5 Bytes JMP 01B10FD4
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenUrlW 77186DDF 5 Bytes JMP 01B10025
.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00180000
.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00180FE5
.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00180011
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 001A00CE
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 001A0F88
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 001A0F5C
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 001A00F3
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 001A0FA3
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 001A002C
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 001A0047
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 001A00B3
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 001A0FC0
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 001A007D
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 001A0FD1
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 001A0062
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 001A0098
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 001A0F41
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 001A001B
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 001A0000
.text C:\Windows\system32\lsass.exe[892] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 001A0F6D
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00260FB3
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 0026004E
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00260000
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 0026005F
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00260070
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 0026002C
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 0026001B
.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 0026003D
.text C:\Windows\system32\lsass.exe[892] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00190FB7
.text C:\Windows\system32\lsass.exe[892] msvcrt.dll!system 766A804B 5 Bytes JMP 00190038
.text C:\Windows\system32\lsass.exe[892] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00190027
.text C:\Windows\system32\lsass.exe[892] msvcrt.dll!_open 766AD106 5 Bytes JMP 00190000
.text C:\Windows\system32\lsass.exe[892] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00190FC8
.text C:\Windows\system32\lsass.exe[892] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00190FE3
.text C:\Windows\system32\lsass.exe[892] WS2_32.dll!socket 773736D1 5 Bytes JMP 00800FEF
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00700000
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00700FDB
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00700011
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00850F41
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00850F52
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 008500BD
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00850098
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00850051
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00850025
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 0085007D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00850F83
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00850F94
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00850062
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00850F0B
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00850FDB
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00850F26
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00720064
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!system 766A804B 5 Bytes JMP 00720FD9
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 0072002E
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_open 766AD106 5 Bytes JMP 00720000
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 0072003F
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00720011
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00860036
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00860F94
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00860025
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00860F79
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00860FCA
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 0086000A
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00860FAF
.text C:\Windows\system32\svchost.exe[1044] WS2_32.dll!socket 773736D1 5 Bytes JMP 00870FE5
.text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00750FEF
.text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 0075001B
.text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 0075000A
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 007B0F3C
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 007B0078
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 007B0EFC
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 007B0F17
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 007B0F83
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 007B0FD4
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 007B0025
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 007B0F4D
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 007B005D
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 007B0FAF
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 007B0F94
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 007B0036
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 007B0F5E
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 007B0EEB
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 007B000A
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 007B0FEF
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 007B0093
.text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00760038
.text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!system 766A804B 5 Bytes JMP 0076001D
.text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00760FB7
.text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_open 766AD106 5 Bytes JMP 00760FE3
.text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 0076000C
.text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00760FD2
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 007D0F7C
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 007D0FA8
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 007D0000
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 007D0F8D
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 007D0039
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 007D0FD4
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 007D0FEF
.text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 007D0FB9
.text C:\Windows\system32\svchost.exe[1140] WS2_32.dll!socket 773736D1 5 Bytes JMP 007E000A
.text C:\Windows\System32\svchost.exe[1300] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00210FEF
.text C:\Windows\System32\svchost.exe[1300] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 0021002F
.text C:\Windows\System32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00210014
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00D900B6
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00D9009B
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 00D900E2
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00D900D1
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00D9006F
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00D9002F
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00D90FDE
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00D9008A
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00D90F95
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00D90FB2
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00D90054
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00D90FC3
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00D90F7A
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00D90F30
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00D9000A
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00D90FEF
.text C:\Windows\System32\svchost.exe[1300] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00D90F4B
.text C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00200FA6
.text C:\Windows\System32\svchost.exe[1300] msvcrt.dll!system 766A804B 5 Bytes JMP 00200027
.text C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00200FD2
.text C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_open 766AD106 5 Bytes JMP 00200000
.text C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00200FB7
.text C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00200FE3
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00DA007D
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00DA0FDB
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00DA0000
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00DA0062
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00DA00A2
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00DA0036
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00DA001B
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00DA0047
.text C:\Windows\System32\svchost.exe[1300] WS2_32.dll!socket 773736D1 5 Bytes JMP 00DB0FE5
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00980FE5
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00980FB9
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00980FD4
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 010500DA
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 010500C9
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 01050F43
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 01050F5E
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 01050082
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 01050FD4
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 01050025
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 010500AE
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 01050FA8
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 01050FB9
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 0105005B
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 01050040
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 01050093
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 01050F32
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 01050FEF
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 01050000
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!WinExec 76795CF7 3 Bytes JMP 01050F79
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!WinExec + 4 76795CFB 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 0100002C
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!system 766A804B 5 Bytes JMP 01000FA1
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 01000FD7
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_open 766AD106 5 Bytes JMP 01000000
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 01000FBC
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 01000011
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 010B0051
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 010B0FB9
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 010B0000
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 010B0040
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 010B0F8A
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 010B0FEF
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 010B001B
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 010B0FCA
.text C:\Windows\System32\svchost.exe[1332] WS2_32.dll!socket 773736D1 5 Bytes JMP 015C0000
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00F80FE5
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00F80FCA
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00FE00BF
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00FE0F79
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 00FE00F5
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00FE00E4
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00FE009A
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00FE0FD4
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreatePipe 76728E6E 3 Bytes JMP 00FE0F94
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreatePipe + 4 76728E72 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00FE0073
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 76729362 3 Bytes JMP 00FE0051
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW + 4 76729366 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 767294B4 3 Bytes JMP 00FE0062
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA + 4 767294B8 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 767294DC 3 Bytes JMP 00FE0040
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA + 4 767294E0 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7672DBDA 3 Bytes JMP 00FE0FA5
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx + 4 7672DBDE 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00FE0F39
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00FE000A
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00FE0FEF
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00FE0F68
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00F9001D
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!system 766A804B 5 Bytes JMP 00F9000C
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00F90FB7
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_open 766AD106 5 Bytes JMP 00F90FE3
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00F90F9C
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00F90FD2
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00FF0076
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00FF004A
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00FF005B
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00FF0FB9
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00FF0FEF
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00FF001B
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00FF0FDE
.text C:\Windows\system32\svchost.exe[1404] WS2_32.dll!socket 773736D1 5 Bytes JMP 01200FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1452] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 6E579AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1452] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 6E579A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00190011
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00190FE5
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 006B0082
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 006B0071
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 006B0EF5
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 006B0F10
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 006B0F6B
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 006B0FD4
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 006B0FB9
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 006B0056
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 006B0F7C
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 006B0039
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 006B0F97
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 006B0FA8
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 006B0F50
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 006B00A7
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 006B000A
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 006B0FEF
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 006B0F21
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 001A0FBE
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 766A804B 5 Bytes JMP 001A003F
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 001A002E
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 766AD106 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 001A0FCF
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 001A0011
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 006C0F94
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 006C0040
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 006C0000
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 006C0FAF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 006C0F83
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 006C0FE5
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 006C001B
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 006C0FD4
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 773736D1 5 Bytes JMP 0071000A
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00D40FEF
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00D40FC3
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00D40FD4
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00DA00B2
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00DA0F6C
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 00DA0F40
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00DA00D7
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00DA0FAC
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00DA002C
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00DA0047
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00DA0F87
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00DA007A
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00DA0FD1
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00DA0069
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00DA0058
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00DA0097
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00DA00E8
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00DA001B
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00DA0000
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00DA0F51
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00D90FC3
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!system 766A804B 5 Bytes JMP 00D90FD4
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_creat 766ABBE1 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_open 766AD106 5 Bytes JMP 00D9000C
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00D90044
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00D90029
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00DB0FB9
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00DB0036
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00DB0FEF
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00DB005B
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00DB0076
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00DB0FD4
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00DB0025
.text C:\Windows\system32\svchost.exe[1556] WS2_32.dll!socket 773736D1 5 Bytes JMP 010D0FEF
.text C:\Windows\system32\svchost.exe[1556] WinInet.dll!InternetOpenA 7713D690 5 Bytes JMP 01000FEF
.text C:\Windows\system32\svchost.exe[1556] WinInet.dll!InternetOpenW 7713DB09 5 Bytes JMP 01000FD4
.text C:\Windows\system32\svchost.exe[1556] WinInet.dll!InternetOpenUrlA 7713F3A4 5 Bytes JMP 01000014
.text C:\Windows\system32\svchost.exe[1556] WinInet.dll!InternetOpenUrlW 77186DDF 5 Bytes JMP 0100002F
.text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00D20FEF
.text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00D20FD4
.text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00D2000A
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00D80F44
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00D80F55
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 00D80F22
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00D800AF
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00D8006F
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00D80014
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00D80FCD
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00D80F70
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00D80F95
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00D80FBC
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00D8005E
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00D80043
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00D80080
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00D800D4
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00D80FDE
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00D80FEF
.text C:\Windows\system32\svchost.exe[1704] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00D80F33
.text C:\Windows\system32\svchost.exe[1704] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00D30FAD
.text C:\Windows\system32\svchost.exe[1704] msvcrt.dll!system 766A804B 5 Bytes JMP 00D3002E
.text C:\Windows\system32\svchost.exe[1704] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00D3001D
.text C:\Windows\system32\svchost.exe[1704] msvcrt.dll!_open 766AD106 5 Bytes JMP 00D30000
.text C:\Windows\system32\svchost.exe[1704] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00D30FBE
.text C:\Windows\system32\svchost.exe[1704] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00D30FE3
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00D90062
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00D9002C
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00D90000
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00D90047
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00D90FA5
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00D90FDB
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00D90011
.text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00D90FCA
.text C:\Windows\system32\svchost.exe[1704] WS2_32.dll!socket 773736D1 5 Bytes JMP 00DA000A
.text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00700000
.text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 0070002C
.text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 0070001B
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 007B0F43
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 007B0089
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 007B0F17
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 007B0F32
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 007B0F8A
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 007B0011
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 007B0022
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 007B0F5E
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 007B0062
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 007B0FAF
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 007B0051
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 007B0FC0
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 007B0F6F
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 007B00C9
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 007B0000
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 007B0FE5
.text C:\Windows\system32\svchost.exe[2028] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 007B00AE
.text C:\Windows\system32\svchost.exe[2028] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 0079000C
.text C:\Windows\system32\svchost.exe[2028] msvcrt.dll!system 766A804B 5 Bytes JMP 00790F81
.text C:\Windows\system32\svchost.exe[2028] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00790FB7
.text C:\Windows\system32\svchost.exe[2028] msvcrt.dll!_open 766AD106 5 Bytes JMP 00790FEF
.text C:\Windows\system32\svchost.exe[2028] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00790F9C
.text C:\Windows\system32\svchost.exe[2028] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00790FD2
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00800058
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 0080003D
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00800000
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00800FB6
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00800F91
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00800011
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00800FE5
.text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 0080002C
.text C:\Windows\system32\svchost.exe[2028] WS2_32.dll!socket 773736D1 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[2088] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[2088] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[2088] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00830F24
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 0083006A
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 008300A0
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00830F09
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00830F61
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00830FC3
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00830F35
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00830F7C
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00830F9E
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00830F8D
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00830025
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00830F50
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 008300BB
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00830FDE
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00830FEF
.text C:\Windows\system32\svchost.exe[2088] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00830085
.text C:\Windows\system32\svchost.exe[2088] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 000A0F8B
.text C:\Windows\system32\svchost.exe[2088] msvcrt.dll!system 766A804B 5 Bytes JMP 000A0FA6
.text C:\Windows\system32\svchost.exe[2088] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 000A0FC1
.text C:\Windows\system32\svchost.exe[2088] msvcrt.dll!_open 766AD106 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[2088] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 000A0016
.text C:\Windows\system32\svchost.exe[2088] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 0084004A
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 0084002F
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00840FB2
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 0084006F
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00840014
.text C:\Windows\system32\svchost.exe[2088] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[2088] WS2_32.dll!socket 773736D1 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[2108] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[2108] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 0021001B
.text C:\Windows\system32\svchost.exe[2108] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00210FE5
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 0023009D
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00230F61
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 002300DA
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 002300C9
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00230067
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00230FCA
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00230082
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00230056
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00230F9E
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00230F8D
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00230FB9
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00230F72
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00230F1E
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[2108] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 002300AE
.text C:\Windows\system32\svchost.exe[2108] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 0022006E
.text C:\Windows\system32\svchost.exe[2108] msvcrt.dll!system 766A804B 5 Bytes JMP 00220049
.text C:\Windows\system32\svchost.exe[2108] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 0022001D
.text C:\Windows\system32\svchost.exe[2108] msvcrt.dll!_open 766AD106 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[2108] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00220038
.text C:\Windows\system32\svchost.exe[2108] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00220FE3
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00240F79
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00240FB9
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00240F9E
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00240036
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00240FD4
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00240FE5
.text C:\Windows\system32\svchost.exe[2108] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00240025
.text C:\Windows\system32\svchost.exe[2108] WS2_32.dll!socket 773736D1 5 Bytes JMP 00250FE5
? C:\Windows\System32\svchost.exe[2220] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00360000
.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 0036002C
.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00360011
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 003900C0
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00390F7A
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 00390F3A
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00390F55
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 0039008A
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 00390FDE
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00390FCD
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00390F8B
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00390FB2
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 0039004A
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 0039006F
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00390039
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 003900A5
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 003900EC
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00390FEF
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00390000
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 003900DB
.text C:\Windows\System32\svchost.exe[2220] WS2_32.dll!socket 773736D1 5 Bytes JMP 003C0FE5
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00380016
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!system 766A804B 5 Bytes JMP 00380F8B
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00380FC1
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_open 766AD106 5 Bytes JMP 00380FEF
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00380FA6
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 00380FDE
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 003A0F97
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 003A002F
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 003A0FEF
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 003A0FA8
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 003A0054
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 003A000A
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 003A0FD4
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 003A0FC3
.text C:\Windows\System32\svchost.exe[2220] WININET.dll!InternetOpenA 7713D690 5 Bytes JMP 003B0FE5
.text C:\Windows\System32\svchost.exe[2220] WININET.dll!InternetOpenW 7713DB09 5 Bytes JMP 003B0FCA
.text C:\Windows\System32\svchost.exe[2220] WININET.dll!InternetOpenUrlA 7713F3A4 5 Bytes JMP 003B0000
.text C:\Windows\System32\svchost.exe[2220] WININET.dll!InternetOpenUrlW 77186DDF 5 Bytes JMP 003B001B
.text C:\Windows\System32\svchost.exe[2516] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2516] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 0005001E
.text C:\Windows\System32\svchost.exe[2516] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00070F21
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00070071
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 000700B8
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 0007009D
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00070F6B
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 00070FB9
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 00070F46
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00070F7C
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 0007002F
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00070F8D
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00070FA8
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00070056
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00070F06
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00070FD4
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2516] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00070082
.text C:\Windows\System32\svchost.exe[2516] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00060F9C
.text C:\Windows\System32\svchost.exe[2516] msvcrt.dll!system 766A804B 5 Bytes JMP 00060FB7
.text C:\Windows\System32\svchost.exe[2516] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 0006001D
.text C:\Windows\System32\svchost.exe[2516] msvcrt.dll!_open 766AD106 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2516] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00060FD2
.text C:\Windows\System32\svchost.exe[2516] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 0006000C
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegCreateKeyExA 768E39AB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00080FAF
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 00080FD4
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 0008000A
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 0008005B
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00080F9E
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 00080FE5
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 0008001B
.text C:\Windows\System32\svchost.exe[2516] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 00080036
.text C:\Windows\Explorer.EXE[4020] ntdll.dll!NtCreateFile 772643D4 5 Bytes JMP 00050000
.text C:\Windows\Explorer.EXE[4020] ntdll.dll!NtCreateProcess 77264494 5 Bytes JMP 00050FCA
.text C:\Windows\Explorer.EXE[4020] ntdll.dll!NtProtectVirtualMemory 77264D34 5 Bytes JMP 00050FDB
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!GetStartupInfoW 76701929 5 Bytes JMP 00010F04
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!GetStartupInfoA 767019C9 5 Bytes JMP 00010F15
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreateProcessW 76701BF3 5 Bytes JMP 00010065
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreateProcessA 76701C28 5 Bytes JMP 00010ED8
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!VirtualProtect 76701DC3 5 Bytes JMP 00010F4B
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreateNamedPipeA 76702EF5 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreateNamedPipeW 76705C0C 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreatePipe 76728E6E 5 Bytes JMP 0001004A
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!LoadLibraryExW 76729109 5 Bytes JMP 00010F5C
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!LoadLibraryW 76729362 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!LoadLibraryExA 767294B4 5 Bytes JMP 00010F83
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!LoadLibraryA 767294DC 5 Bytes JMP 00010FA5
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!VirtualProtectEx 7672DBDA 5 Bytes JMP 00010F3A
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!GetProcAddress 7674903B 5 Bytes JMP 00010EBD
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreateFileW 7674AECB 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!CreateFileA 7674CE5F 5 Bytes JMP 00010FE5
.text C:\Windows\Explorer.EXE[4020] kernel32.dll!WinExec 76795CF7 5 Bytes JMP 00010EE9
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegCreateKeyExA 768E39AB 5 Bytes JMP 00060F94
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegCreateKeyA 768E3BA9 5 Bytes JMP 0006002C
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegOpenKeyA 768E89C7 5 Bytes JMP 00060FEF
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegCreateKeyW 768F391E 5 Bytes JMP 00060FAF
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegCreateKeyExW 768F41F1 5 Bytes JMP 00060F79
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegOpenKeyExA 768F7C42 5 Bytes JMP 0006000A
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegOpenKeyW 768FE2B5 5 Bytes JMP 00060FD4
.text C:\Windows\Explorer.EXE[4020] ADVAPI32.dll!RegOpenKeyExW 76907BA1 5 Bytes JMP 0006001B
.text C:\Windows\Explorer.EXE[4020] msvcrt.dll!_wsystem 766A7F2F 5 Bytes JMP 00070047
.text C:\Windows\Explorer.EXE[4020] msvcrt.dll!system 766A804B 5 Bytes JMP 00070FB2
.text C:\Windows\Explorer.EXE[4020] msvcrt.dll!_creat 766ABBE1 5 Bytes JMP 00070FDE
.text C:\Windows\Explorer.EXE[4020] msvcrt.dll!_open 766AD106 5 Bytes JMP 00070FEF
.text C:\Windows\Explorer.EXE[4020] msvcrt.dll!_wcreat 766AD326 5 Bytes JMP 00070FCD
.text C:\Windows\Explorer.EXE[4020] msvcrt.dll!_wopen 766AD501 5 Bytes JMP 0007000C
.text C:\Windows\Explorer.EXE[4020] WS2_32.dll!socket 773736D1 5 Bytes JMP 008D0FEF
.text C:\Windows\Explorer.EXE[4020] WININET.dll!InternetOpenA 7713D690 5 Bytes JMP 069D0FEF
.text C:\Windows\Explorer.EXE[4020] WININET.dll!InternetOpenW 7713DB09 5 Bytes JMP 069D000A
.text C:\Windows\Explorer.EXE[4020] WININET.dll!InternetOpenUrlA 7713F3A4 5 Bytes JMP 069D0FD4
.text C:\Windows\Explorer.EXE[4020] WININET.dll!InternetOpenUrlW 77186DDF 5 Bytes JMP 069D0FB9
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5664] ntdll.dll!DbgBreakPoint 77248B2E 1 Byte [90]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1940] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00F276E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1940] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00F27740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation] 01A6B6E9
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 5409E800
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] 68500000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx] 0F6DEAD8
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 00113EE8
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] F8BD8D00
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] E81394A3
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange] 00000C58
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 59756668
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 04C76661
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA] 838FFE24
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 66F9FFC6
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount] 0CE1BA0F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 85C330F5
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 12CEE9FE
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 60F90000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!TerminateProcess] F902ED83
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 000634E9
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 24648D00
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8F8E0F28
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess] 9C00005E
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] 2474FF60
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 042444C6
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 8D9C9C92
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree] 000053DA
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 005BE7E9
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree] 514EE900
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle] 35E90000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 9C0001AD
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 892434FF
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6604247C
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 0C89CF0F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep] A0B98D24
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] F7B8C753
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 24BC8DD7
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] BA86FAAB
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError] BA0F669C
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx] 879C0AFF
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 0F66F8B6
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 01F7BA0F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode] 5F73E52C
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_adjust_fdiv] CFD3E1F2
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr] FF896652
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit] 35FF6056
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm] [004011C5] C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit] 1C24448F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode] 005638E9
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit] F6F5F800
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy] C4F766D2
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memset] ED831B48
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type] FCEC8302
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 54A0800F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common] D0200000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp] 04C69C60
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit] 81E85024
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs] 9C00000D
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter] 2824448F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 00458F2C
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 2489669C
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 648D5124
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 37E93824
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] E8000053
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0000510A
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] C450E9D5
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 74FF0001
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 5318E934
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 8B660000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 56B1E900
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 7E270000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] C421E9B1
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] C3300001
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 16F4E900
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 33E90000
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid] 9C000056
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E9986054
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00000FD4
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 24048954
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 24648D60
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 578F0F20
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] 60000010
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 1C247C89
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] 59E96056
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 000002A7
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 66CE0F9C
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 66CCA30F
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] D6F7C5D3
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00090AE8
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 242C8700
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] EAB60F66
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 4AE8F960
IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] D0000014

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86B0B0C0

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp 87609B50

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\tdx \Device\RawIp6 87609B50
Device \Driver\tdx \Device\Tcp6 87609B50
Device \Driver\tdx \Device\Tdx 87609B50
Device \Driver\tdx \Device\Udp 87609B50

AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\tdx \Device\RawIp 87609B50
Device \Driver\tdx \Device\Udp6 87609B50

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] prsswt <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\prsswt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\prsswt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\prsswt@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\prsswt@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\prsswt@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\prsswt@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\prsswt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\prsswt@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----


OTL

OTL logfile created on: 11/09/2010 19:30:08 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 26.76 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.83% Space Free | Partition Type: FAT
Drive E: | 73.21 Gb Total Space | 67.95 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE-PC
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\mediafix70700en02.exe (MS)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\AGEIA Technologies\TrayIcon.exe ()


========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSEA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/ig"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/07 07:29:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/06 22:11:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 20:15:53 | 000,000,000 | ---D | M]

[2009/03/13 23:29:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2009/03/13 23:29:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/02/13 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/09/09 21:18:45 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\u0t294of.default\extensions
[2009/06/26 18:52:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\u0t294of.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/26 23:30:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2010/03/15 21:17:42 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/15 21:17:42 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/15 21:17:42 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/08 20:43:06 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/03/15 21:17:42 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100906221148.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] ._.Trashes ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] ._.Trashes ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKCU..\Run: [mediafix70700en02.exe] C:\Users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\mediafix70700en02.exe (MS)
O4 - HKCU..\Run: [sdsetup_aff] C:\Users\Dave\Desktop\sdsetup_aff.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Dave\AppData\Roaming\ohydy.exe) - C:\Users\Dave\AppData\Roaming\ohydy.exe (lol lool)
O20 - HKCU Winlogon: Shell - (C:\Users\Dave\AppData\Roaming\antispy.exe) - C:\Users\Dave\AppData\Roaming\antispy.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/11 18:00:12 | 000,001,271 | ---- | M] () - D:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{395e86e5-217e-11df-b30c-001e3376537a}\Shell\AutoRun\command - "" = D:\ACRA.exe -- File not found
O33 - MountPoints2\{4373ce0e-bd9a-11df-90fa-001e3376537a}\Shell\AutoRun\command - "" = D:\myfolder\myfile.exe -- [2010/09/06 21:22:18 | 000,106,496 | RHS- | M] (lol lool)
O33 - MountPoints2\{4373ce0e-bd9a-11df-90fa-001e3376537a}\Shell\open\command - "" = D:\myfolder\myfile.exe -- [2010/09/06 21:22:18 | 000,106,496 | RHS- | M] (lol lool)
O33 - MountPoints2\{789320cb-4bc2-11de-a73d-001e3376537a}\Shell\AutoRun\command - "" = D:\ACRA.exe -- File not found
O33 - MountPoints2\{929ce94f-29f0-11de-bc6a-001e3376537a}\Shell\AutoRun\command - "" = D:\ACRA.exe -- File not found
O33 - MountPoints2\{d05bf614-c935-11dd-baf5-806e6f6e6963}\Shell\AutoRun\command - "" = ._.Trashes -- [2010/08/25 17:58:00 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\{d05bf614-c935-11dd-baf5-806e6f6e6963}\Shell\runit\command - "" = ._.Trashes -- [2010/08/25 17:58:00 | 000,004,096 | -H-- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/08 20:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/07 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
[2010/09/07 20:58:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/07 20:58:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/07 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/07 20:56:14 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-setup.exe
[2010/09/06 22:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/09/06 22:13:49 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\Windows\System32\drivers\MOBK.sys
[2010/09/06 22:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/09/06 22:11:48 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/09/06 22:11:41 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/09/06 22:11:41 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/09/06 22:11:41 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/09/06 22:11:41 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010/09/06 22:11:37 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/09/06 22:11:37 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010/09/06 22:11:37 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/09/06 22:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/09/06 21:22:18 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2010/09/06 21:22:16 | 000,106,496 | RHS- | C] (lol lool) -- C:\Users\Dave\AppData\Roaming\ohydy.exe
[2010/09/06 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Windows
[2010/09/06 21:22:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Windows Server
[2010/09/06 21:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD
[2010/08/27 08:18:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/08/27 08:18:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/08/27 08:18:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/08/26 23:33:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/08/26 23:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/08/26 23:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/11 19:35:43 | 002,097,152 | -HS- | M] () -- C:\Users\Dave\NTUSER.DAT
[2010/09/11 19:34:43 | 000,784,896 | ---- | M] () -- C:\Windows\System32\drivers\prsswt.sys
[2010/09/11 19:30:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 19:26:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 19:26:13 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2010/09/11 19:24:30 | 000,524,288 | -HS- | M] () -- C:\Users\Dave\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/11 19:24:30 | 000,065,536 | -HS- | M] () -- C:\Users\Dave\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/11 19:24:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 19:24:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 19:24:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 19:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 19:24:08 | 2006,990,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 19:24:06 | 378,243,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/11 18:08:57 | 000,607,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/11 18:08:56 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/11 18:08:56 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/11 17:49:45 | 002,015,348 | -H-- | M] () -- C:\Users\Dave\AppData\Local\IconCache.db
[2010/09/08 22:31:48 | 000,083,456 | ---- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 19:05:46 | 000,511,968 | ---- | M] () -- C:\Users\Dave\Desktop\sdsetup_aff.exe
[2010/09/07 20:58:26 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 18:15:18 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-setup.exe
[2010/09/07 18:09:22 | 000,363,520 | ---- | M] () -- C:\Users\Dave\Desktop\rkill.com
[2010/09/06 21:22:16 | 000,106,496 | RHS- | M] (lol lool) -- C:\Users\Dave\AppData\Roaming\ohydy.exe
[2010/09/02 20:58:42 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/09/02 20:58:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/08/27 20:48:56 | 000,024,576 | ---- | M] () -- C:\Users\Dave\Desktop\Press Release form.doc
[2010/08/27 08:22:57 | 000,405,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/08 20:41:38 | 000,511,968 | ---- | C] () -- C:\Users\Dave\Desktop\sdsetup_aff.exe
[2010/09/07 20:58:26 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 20:51:06 | 000,363,520 | ---- | C] () -- C:\Users\Dave\Desktop\rkill.com
[2010/09/06 22:15:00 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2010/09/06 21:37:07 | 000,784,896 | ---- | C] () -- C:\Windows\System32\drivers\prsswt.sys
[2010/08/27 20:48:56 | 000,024,576 | ---- | C] () -- C:\Users\Dave\Desktop\Press Release form.doc
[2010/08/26 23:21:01 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/08/26 23:21:01 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/01/11 19:25:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/10 20:09:56 | 000,000,280 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
[2009/08/08 19:15:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/15 21:26:56 | 000,083,456 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 23:41:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/13 18:10:06 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/12/13 17:51:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/12/13 17:51:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/12/13 17:51:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/12/13 17:51:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/07 17:37:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/07 17:37:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/07 17:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/07 17:37:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/07 17:37:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/07 17:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 16:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/03/20 20:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/07 15:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/11 19:24:08 | 2006,990,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 19:24:06 | 2322,870,272 | -HS- | M] () -- C:\pagefile.sys
[2008/12/13 17:47:01 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2010/09/11 13:42:49 | 000,000,544 | ---- | M] () -- C:\rkill.log
[2008/08/12 13:48:28 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/08/26 23:45:41 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/07/17 22:02:04 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-04 17:53:43
< End of report >


Extras

OTL Extras logfile created on: 11/09/2010 19:30:08 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 26.76 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.83% Space Free | Partition Type: FAT
Drive E: | 73.21 Gb Total Space | 67.95 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE-PC
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BFEED6-0FEB-43B9-8137-69786BF76B41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{200FE076-A249-40D9-BD94-554114CD3179}" = rport=445 | protocol=6 | dir=out | app=system |
"{41EC7E69-83EB-4717-BF2E-B0C0C644F569}" = lport=445 | protocol=6 | dir=in | app=system |
"{44E228C2-603B-42D5-902F-1153221BCF5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{52F75D06-103E-446F-BE8F-2E089F709D08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D422EAF-21A8-4819-A74E-31898BE8E763}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5490314-B5FC-40D3-B45C-D14D2362225E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD478BD4-EE7B-4F9F-908E-6151245C8DF1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D8A82B18-5762-489B-874F-9E3FABB29AE0}" = rport=139 | protocol=6 | dir=out | app=system |
"{E2BAAE09-B0DF-4D26-99BA-7D43CA07FB20}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15E21164-FD22-4FA3-8B40-6F77CDE47814}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1EC7F0FC-3835-4B25-804F-0C1719A4A4BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32F43AEC-5747-433B-A04A-ED01A5620B89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C95A455-DD08-468E-ABFC-C4AB4D73D2FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67C3033D-0828-48E8-B575-FDDEFDF49F01}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7BBC1FA4-B2CA-4399-A14E-7027AAF8C425}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8266B196-53E9-40BA-97C6-B7D05BA513BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D402D5F9-B235-469C-B707-297F3F5D1F56}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D7185146-09D3-480D-83CD-04F2353033AA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D79DA844-C4B1-4E86-9FF7-777058A6BB10}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E79C40B1-2B64-4439-B1C7-7284490B698F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F07E735C-32CD-47D3-9A37-4F3D39167D80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD7CF080-EB00-4B64-BB6E-264A649DAD5F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{71B8751E-1CF7-41B9-A6AB-D0CB6312102E}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"TCP Query User{B627AF11-67B3-45A1-B199-3124DAC78D80}C:\users\dave\appdata\local\temp\161.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\temp\161.exe |
"TCP Query User{F22E055F-4C8F-4EF3-AF79-AC0D9A29E3DB}C:\users\dave\appdata\local\temp\517.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\temp\517.exe |
"UDP Query User{2C174DD5-276D-451C-8F58-74E08BEF22B4}C:\users\dave\appdata\local\temp\517.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\temp\517.exe |
"UDP Query User{98CD1D5B-0235-4C8C-9E74-53B03F7E02F7}C:\users\dave\appdata\local\temp\161.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\temp\161.exe |
"UDP Query User{DAED87A7-94B5-47BF-8AC7-7C41F757EC9D}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C69EC4-179F-4FDA-B78F-7F946AF38943}" = Transcoder
"{2B6F6771-46DA-4DEB-B738-E809A81B17F7}" = Adobe Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E93D44A-870D-823C-F0B2-09D96E8DE87B}" = Adobe Captivate Reviewer 1.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C4901881-CA4A-48BD-BD48-C4CA87C1DD7C}" = Adobe Captivate 4
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D7B96D96-D9F4-40B7-B913-3D50BDD87C6F}" = Suite Shared Configuration CS4
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e92effc954e788ad49a56b24f4bcf1" = Adobe Captivate 4
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Flickr Uploadr" = Flickr Uploadr 3.1.3
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSC" = McAfee Internet Security
"myphotobook" = myphotobook 3.6
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVAnts 1.0" = TVAnts 1.0
"VLC media player" = VLC media player 1.0.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2010 05:24:26 | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/09/2010 15:48:49 | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/09/2010 16:22:19 | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application 772.exe, version 0.0.0.0, time stamp 0x4bec38f0,
faulting module 772.exe, version 0.0.0.0, time stamp 0x4bec38f0, exception code
0xc0000005, fault offset 0x00001c64, process id 0x145c, application start time 0x01cb4e0134982752.

Error - 06/09/2010 16:26:00 | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/09/2010 16:30:15 | Computer Name = Dave-PC | Source = Google Update | ID = 20
Description =

Error - 06/09/2010 16:35:51 | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application 642.exe, version 0.0.0.0, time stamp 0x4bec38f0,
faulting module 642.exe, version 0.0.0.0, time stamp 0x4bec38f0, exception code
0xc0000005, fault offset 0x00001c64, process id 0xec4, application start time 0x01cb4e03185bbf85.

Error - 06/09/2010 16:36:08 | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/09/2010 16:37:34 | Computer Name = Dave-PC | Source = VSS | ID = 8194
Description =

Error - 06/09/2010 17:14:18 | Computer Name = Dave-PC | Source = VSS | ID = 8194
Description =

Error - 06/09/2010 17:21:36 | Computer Name = Dave-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1300 (0x514) Thread address : 0x772A5E74 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\SiteAdvisor\Download\s3ps.1

by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 06/09/2010 17:11:18 | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/09/2010 17:21:36 | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 06/09/2010 17:21:41 | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 07/09/2010 02:35:05 | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =

Error - 07/09/2010 05:59:22 | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =

Error - 08/09/2010 15:35:28 | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =

Error - 08/09/2010 15:35:28 | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =

Error - 11/09/2010 08:38:09 | Computer Name = Dave-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:35:59 on 11/09/2010 was unexpected.

Error - 11/09/2010 13:03:50 | Computer Name = Dave-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:01:55 on 11/09/2010 was unexpected.

Error - 11/09/2010 14:24:15 | Computer Name = Dave-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:22:41 on 11/09/2010 was unexpected.


< End of report >



#2 Blade (Site Admin, 12,704 posts, Location: US)

Posted 16 September 2010 - 03:15 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

***************************************************

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log

Edited by Blade Zephon, 16 September 2010 - 03:15 PM.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 dm498 (Topic Starter, Members, 4 posts)

Posted 20 September 2010 - 06:20 PM

Hi Blade

Thanks for replying. Below is the ComboFix log:



ComboFix 10-09-20.02 - Dave 20/09/2010 23:51:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.1915.1061 [GMT 1:00]
Running from: c:\users\Dave\Desktop\renamed.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Dave\AppData\Local\Windows Server
c:\users\Dave\AppData\Local\Windows Server\admin.txt
c:\users\Dave\AppData\Local\Windows Server\flags.ini
c:\users\Dave\AppData\Local\Windows Server\hlp.dat
c:\users\Dave\AppData\Local\Windows Server\server.dat
c:\users\Dave\AppData\Local\Windows Server\uses32.dat
c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD
c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\enemies-names.txt
c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\local.ini
c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\lsrslt.ini
c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\mediafix70700en02.exe
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk

.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 23:04 . 2010-09-20 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 22:07 . 2010-09-20 22:07 -------- d-----w- c:\program files\Trend Micro
2010-09-08 19:41 . 2010-09-08 19:41 -------- d-----w- c:\programdata\PC Tools
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes
2010-09-07 19:58 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\programdata\Malwarebytes
2010-09-07 19:58 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 21:14 . 2010-09-06 21:14 -------- d-----w- c:\program files\McAfeeMOBK
2010-09-06 21:13 . 2010-04-13 19:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-09-06 21:13 . 2010-09-06 21:13 -------- d-----w- c:\program files\McAfee Online Backup
2010-09-06 21:11 . 2010-05-31 19:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-06 21:11 . 2010-05-31 19:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-06 21:11 . 2010-05-31 19:32 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-06 21:11 . 2010-05-31 19:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-06 21:11 . 2010-05-31 19:32 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-06 21:11 . 2010-05-31 19:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-06 21:11 . 2010-05-31 19:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-06 21:11 . 2010-05-31 19:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-06 21:11 . 2010-09-06 21:11 -------- d-----w- c:\program files\McAfee.com
2010-09-06 20:22 . 2010-09-07 21:34 -------- d-----w- c:\users\Dave\AppData\Local\Windows
2010-08-27 07:18 . 2010-08-27 07:19 -------- d-----w- c:\windows\system32\ca-ES
2010-08-27 07:18 . 2010-08-27 07:19 -------- d-----w- c:\windows\system32\eu-ES
2010-08-27 07:18 . 2010-08-27 07:19 -------- d-----w- c:\windows\system32\vi-VN
2010-08-26 22:33 . 2010-08-26 22:33 -------- d-----w- c:\windows\system32\EventProviders
2010-08-26 22:21 . 2010-08-26 22:21 -------- d-----w- c:\programdata\McAfee Security Scan
2010-08-26 22:21 . 2010-09-02 19:58 -------- d-----w- c:\program files\McAfee Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 21:23 . 2010-03-12 21:38 -------- d-----w- c:\program files\PokerStars.NET
2010-09-06 21:16 . 2008-08-07 16:51 -------- d-----w- c:\programdata\McAfee
2010-09-06 21:14 . 2008-08-07 16:51 -------- d-----w- c:\program files\McAfee
2010-09-06 21:12 . 2008-08-07 16:51 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-27 07:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-27 07:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-27 07:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-27 07:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-27 07:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-27 07:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-27 07:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-27 07:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-22 17:24 . 2008-12-13 22:40 -------- d-----w- c:\users\Dave\AppData\Roaming\Skype
2010-08-22 16:21 . 2008-12-13 22:41 -------- d-----w- c:\users\Dave\AppData\Roaming\skypePM
2010-08-11 19:44 . 2008-08-07 17:00 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 19:37 . 2008-08-07 16:58 -------- d-----w- c:\programdata\Microsoft Help
2010-07-17 21:00 . 2010-07-17 21:01 300384 ----a-w- c:\users\Dave\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-07-17 21:00 . 2010-07-17 21:00 300384 ----a-w- c:\programdata\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-07-07 13:15 . 2008-12-13 17:05 114968 ----a-w- c:\users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-30 21:25 . 2010-06-30 21:26 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2C2E.tmp.exe
2010-06-26 06:05 . 2010-08-10 19:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 19:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 19:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 19:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-02 18:18 . 2009-11-15 21:03 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-05-31 19:32 . 2010-09-06 21:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sdsetup_aff"="c:\users\Dave\Desktop\sdsetup_aff.exe" [2010-09-08 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-02 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-02 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - prsswt
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 23:14]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 23:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\u0t294of.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-mediafix70700en02.exe - c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\mediafix70700en02.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 00:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Dave\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\prsswt]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-21 00:14:16
ComboFix-quarantined-files.txt 2010-09-20 23:14

Pre-Run: 27,682,553,856 bytes free
Post-Run: 28,555,247,616 bytes free

- - End Of File - - 1D824A923A8FA6FEFED7BFFC94014691

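The ComboFix log above shows the persistence pattern typical of this rogue: an HKCU Run value (mediafix70700en02.exe) pointing into a Roaming AppData folder whose name is a 32-hex-digit blob, plus an installer (sdsetup_aff.exe) set to auto-run straight from the Desktop. The script below is an added example, not part of this thread and not ComboFix's own logic: it parses lines in the format ComboFix uses for Run keys and for the "ORPHANS REMOVED" section and flags entries that run from a user profile, from a 32-hex-digit folder, or with no resolvable path (ComboFix prints [BU] for those). The sample lines are copied from the log above; the heuristics are my assumptions, chosen from what this log shows.

```python
import re
from typing import Dict, List

# Constructed sample: autorun lines copied from the ComboFix log posted above
# (the "Reg Loading Points" Run keys and the "ORPHANS REMOVED" section).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sdsetup_aff"="c:\users\Dave\Desktop\sdsetup_aff.exe" [2010-09-08 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]

- - - - ORPHANS REMOVED - - - -

HKCU-Run-mediafix70700en02.exe - c:\users\Dave\AppData\Roaming\4DD3DB481D5DE5458D8D2B0BD7E483AD\mediafix70700en02.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
"""

# ComboFix line shapes: a [hive\...\Run] header followed by "name"="path" [date size]
# values; removed orphans appear as HKCU-Run-<name> - <path>.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")

# Triage heuristics (my assumptions, drawn from this log, not ComboFix rules): binaries
# launched from a user profile, from a 32-hex-digit folder, or with no resolvable path.
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\(appdata|desktop)\\", re.IGNORECASE)
HEXDIR_RE = re.compile(r"\\[0-9a-f]{32}\\", re.IGNORECASE)


def parse_autoruns(text: str) -> List[Dict[str, str]]:
    """Return one dict per Run value or orphaned Run value found in ComboFix output."""
    entries: List[Dict[str, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if (m := VALUE_RE.match(line)) and current_key.lower().endswith("\\run"):
            entries.append({"key": current_key, "name": m.group("name"),
                            "path": m.group("path"), "meta": m.group("meta") or "",
                            "orphan": ""})
            continue
        if m := ORPHAN_RE.match(line):
            entries.append({"key": m.group("hive") + "\\...\\Run", "name": m.group("name"),
                            "path": m.group("path"), "meta": "", "orphan": "yes"})
    return entries


def triage_reasons(entry: Dict[str, str]) -> List[str]:
    """Why an autorun deserves a look; an empty list means nothing stood out."""
    path = entry["path"]
    reasons: List[str] = []
    if PROFILE_RE.search(path):
        reasons.append("launched from a user profile folder")
    if HEXDIR_RE.search(path):
        reasons.append("32-hex-digit folder name")
    if entry["meta"] == "BU" or "\\" not in path:
        reasons.append("bare filename, no resolvable path")
    # Per-user Run keys can be planted without admin rights; note it when something else hit.
    if reasons and entry["key"].upper().startswith(("HKEY_CURRENT_USER", "HKCU")):
        reasons.append("per-user key: plantable without admin rights")
    return reasons


def suspicious_autoruns(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons for every autorun that trips at least one heuristic."""
    return {e["name"]: r for e in parse_autoruns(text) if (r := triage_reasons(e))}


if __name__ == "__main__":
    for name, reasons in suspicious_autoruns(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The output is a review list, not a verdict: on this machine NDSTray.exe and cfFncEnabler.exe are flagged only because ComboFix could not resolve their path, and both are TOSHIBA components, so each hit still needs a hash or signature check before anything is removed.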

#4 Blade (Site Admin, 12,704 posts, Location: US)

Posted 21 September 2010 - 09:02 PM

Hello.

Could you give me an update on how the computer is running?

~Blade



#5 dm498 (Topic Starter, Members, 4 posts)

Posted 22 September 2010 - 01:44 PM

Hi

Access to the internet is still quite slow and keeps being interrupted but there are no longer any Antimalware doctor popup windows.

#6 Blade (Site Admin, 12,704 posts, Location: US)

Posted 22 September 2010 - 08:11 PM

Hello.

Quote: "Access to the internet is still quite slow and keeps being interrupted"

You haven't mentioned this before; could you explain what you mean by "interrupted"?

~Blade



#7 dm498 (Topic Starter, Members, 4 posts)

Posted 24 September 2010 - 03:54 PM

Hi,

Basically it doesn't always connect to the internet. I get the message 'Firefox can't find the server at www.google.ie' pretty regularly, and when it does connect to the internet, after 5-10 minutes during a page upload it will time out and again won't be able to connect. I have brought my work laptop home and it can access the internet fine on the same wireless connection.

I hope that is enough info for you.

#8 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 26 September 2010 - 11:39 PM

Hi dm498.

I'm not seeing anything obviously responsible for that. Let's do a comprehensive scan to check for remaining malware on the machine. Please be aware that this scan will take some time to run.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

~Blade


In your next reply, please include the following:
KOS Log



#9 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 04 October 2010 - 12:37 PM

Due to lack of feedback, this topic is now Closed

~Blade





