
Infected! Plasrv.exe virus, BSOD and Firefox re-direction!


  • This topic is locked
27 replies to this topic

#1 TR5

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 04 October 2010 - 04:21 PM

Hi there,

Firstly what a great forum and resource!

After d/loading a suspect file I've been experiencing several problems with my laptop (Vista).

Firstly I was getting google re-directs when using Firefox, then the computer was crashing with the blue screen of death as well as everything running very slowly.

I ran a Hitman Pro scan and it removed a whole load of tracking cookies and detected but didn't remove something called Plasrv.exe virus.

When trying to run the Gmer program it gets so far then the computer crashes and I get the dreaded blue screen again.

Thank you in advance for your help, it really is appreciated!

Greig


DDS (Ver_10-03-17.01) - NTFSx86
Run by Greig at 21:47:40.44 on 04/10/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1781 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\O2 Assistant\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\O2 Assistant\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe
C:\Users\Greig\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\greig\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [O2DA] "c:\program files\o2 assistant\bin\sprtcmd.exe" /P O2DA
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sketch~1.lnk - c:\program files\autodesk\sketchbookpro2010\SketchBookSnapshot.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BF4E145A-44A4-48B9-9B39-F0188D7B0743} = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-18 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 67656]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2009-3-3 13312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-3-29 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-27 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-27 144704]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\o2 assistant\bin\sprtsvc.exe [2010-4-23 206120]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\o2 assistant\bin\tgsrvc.exe [2010-4-23 185640]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-21 21504]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-3 29736]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-9-18 16968]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-27 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-27 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-27 40552]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-26 4247552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-3-2 45600]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-3-3 238464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-27 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-10-03 19:56:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 19:32:07 0 d-----w- c:\program files\TweakUAC
2010-09-21 19:22:30 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-19 22:18:23 0 ----a-w- c:\users\greig\defogger_reenable
2010-09-18 08:06:26 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-18 08:06:23 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-18 08:06:20 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-18 08:06:15 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-18 00:06:53 576 ----a-w- c:\windows\system32\.crusader
2010-09-17 23:59:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-17 23:58:52 0 d-----w- c:\programdata\Hitman Pro
2010-09-17 23:58:51 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-17 23:43:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-17 23:28:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-17 23:28:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-17 23:22:50 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-17 23:22:08 0 d-----w- c:\programdata\Lavasoft
2010-09-17 23:22:08 0 d-----w- c:\program files\Lavasoft
2010-09-17 22:57:49 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-17 22:45:03 0 d-----w- c:\program files\CCleaner
2010-09-17 22:43:51 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-11 22:28:27 0 d-----w- c:\programdata\Yahoo! Companion
2010-09-08 17:16:36 0 d-----w- c:\users\greig\appdata\roaming\Dropbox

==================== Find3M ====================

2010-10-04 19:55:00 120691 ----a-w- c:\programdata\nvModes.dat
2010-09-17 23:00:59 32244 ----a-w- c:\windows\fonts\HelveticaLTStd-BoldCondObl.otf
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 06:32:38 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-24 06:32:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-24 06:32:38 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-17 08:27:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:49:24.12 ===============

I tried running GMER again - it crashes the computer every time and I get a blue screen of death. It seems to crash at the same point in the scan every time so I saved the ark.txt file just before it crashed:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-04 22:39:36
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Greig\AppData\Local\Temp\fxldypod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8AFE279E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8AFE2738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8AFE274C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8AFE27DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8AFE281F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8AFE2710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8AFE2724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8AFE27B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8AFE2847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8AFE2833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8AFE278A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8AFE2776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8AFE280B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8AFE27F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8AFE27C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8AFE2762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 8286EC0E 5 Bytes JMP 8AFE27CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 82A0457C 5 Bytes JMP 8AFE2714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 82A1188D 5 Bytes JMP 8AFE2823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 82A3840C 7 Bytes JMP 8AFE27B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 82A45510 5 Bytes JMP 8AFE27F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 82A45899 7 Bytes JMP 8AFE27E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 82A500EC 5 Bytes JMP 8AFE27A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 82A5099A 5 Bytes JMP 8AFE277A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 82A5504F 5 Bytes JMP 8AFE280F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 82A59317 5 Bytes JMP 8AFE2728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateUserProcess 82A679D5 5 Bytes JMP 8AFE2766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 82A85372 5 Bytes JMP 8AFE2837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 82A86576 5 Bytes JMP 8AFE284B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 82AC493F 5 Bytes JMP 8AFE273C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 82AC498A 7 Bytes JMP 8AFE2750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 82AC5443 5 Bytes JMP 8AFE278E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F406320, 0x3EEB57, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[764] kernel32.dll!LoadLibraryW 767C9362 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[764] kernel32.dll!LoadLibraryA 767C94DC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetStartupInfoW 767A1929 5 Bytes JMP 000A008E
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 767A19C9 5 Bytes JMP 000A0F52
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessW 767A1BF3 5 Bytes JMP 000A0F23
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessA 767A1C28 5 Bytes JMP 000A00BA
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!VirtualProtect 767A1DC3 5 Bytes JMP 000A0062
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeA 767A2EF5 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeW 767A5C0C 5 Bytes JMP 000A0FB9
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreatePipe 767C8E6E 5 Bytes JMP 000A007D
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 767C9109 5 Bytes JMP 000A0051
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 767C9362 5 Bytes JMP 000A0F9E
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 767C94B4 5 Bytes JMP 000A0040
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 767C94DC 5 Bytes JMP 000A0025
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 767CDBDA 5 Bytes JMP 000A0F6D
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetProcAddress 767E903B 3 Bytes JMP 000A00DF
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetProcAddress + 4 767E903F 1 Byte [89]
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileW 767EAECB 3 Bytes JMP 000A0FD4
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileW + 4 767EAECF 1 Byte [89]
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileA 767ECE5F 3 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileA + 4 767ECE63 1 Byte [89]
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!WinExec 76835CF7 5 Bytes JMP 000A00A9
.text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00090FA8
.text C:\Windows\system32\svchost.exe[804] msvcrt.dll!system 762B804B 5 Bytes JMP 0009003D
.text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00090022
.text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_open 762BD106 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00090FCD
.text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00090011
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExA 76B039AB 5 Bytes JMP 000B004A
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyA 76B03BA9 5 Bytes JMP 000B0FA8
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 76B089C7 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyW 76B1391E 5 Bytes JMP 000B0039
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExW 76B141F1 5 Bytes JMP 000B0065
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExA 76B17C42 5 Bytes JMP 000B0FC3
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyW 76B1E2B5 5 Bytes JMP 000B0FDE
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExW 76B27BA1 5 Bytes JMP 000B001E
.text C:\Windows\system32\svchost.exe[804] WS2_32.dll!socket 779036D1 5 Bytes JMP 000C000A
.text C:\Windows\system32\services.exe[812] kernel32.dll!GetStartupInfoW 767A1929 5 Bytes JMP 00970F75
.text C:\Windows\system32\services.exe[812] kernel32.dll!GetStartupInfoA 767A19C9 5 Bytes JMP 00970F86
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateProcessW 767A1BF3 5 Bytes JMP 009700F1
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateProcessA 767A1C28 5 Bytes JMP 00970F64
.text C:\Windows\system32\services.exe[812] kernel32.dll!VirtualProtect 767A1DC3 5 Bytes JMP 00970082
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateNamedPipeA 767A2EF5 5 Bytes JMP 00970025
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateNamedPipeW 767A5C0C 5 Bytes JMP 0097004A
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreatePipe 767C8E6E 5 Bytes JMP 009700B1
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryExW 767C9109 5 Bytes JMP 00970FA8
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryW 767C9362 5 Bytes JMP 00970FD4
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryExA 767C94B4 5 Bytes JMP 00970FC3
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryA 767C94DC 5 Bytes JMP 0097005B
.text C:\Windows\system32\services.exe[812] kernel32.dll!VirtualProtectEx 767CDBDA 5 Bytes JMP 00970F97
.text C:\Windows\system32\services.exe[812] kernel32.dll!GetProcAddress 767E903B 5 Bytes JMP 00970102
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateFileW 767EAECB 5 Bytes JMP 0097000A
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateFileA 767ECE5F 5 Bytes JMP 00970FEF
.text C:\Windows\system32\services.exe[812] kernel32.dll!WinExec 76835CF7 5 Bytes JMP 009700D6
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyExA 76B039AB 5 Bytes JMP 009C006C
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyA 76B03BA9 5 Bytes JMP 009C0040
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyA 76B089C7 5 Bytes JMP 009C000A
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyW 76B1391E 5 Bytes JMP 009C005B
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyExW 76B141F1 5 Bytes JMP 009C0091
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyExA 76B17C42 5 Bytes JMP 009C0025
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyW 76B1E2B5 5 Bytes JMP 009C0FEF
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyExW 76B27BA1 5 Bytes JMP 009C0FD4
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00910F8D
.text C:\Windows\system32\services.exe[812] msvcrt.dll!system 762B804B 5 Bytes JMP 00910FB2
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00910FCD
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_open 762BD106 5 Bytes JMP 00910FEF
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00910018
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00910FDE
.text C:\Windows\system32\services.exe[812] WS2_32.dll!socket 779036D1 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryW 767C9362 5 Bytes JMP 00920040
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryExA 767C94B4 5 Bytes JMP 00920F9E
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryA 767C94DC 5 Bytes JMP 0092002F
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!VirtualProtectEx 767CDBDA 5 Bytes JMP 00920093
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetProcAddress 767E903B 5 Bytes JMP 0092011A
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateFileW 767EAECB 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateFileA 767ECE5F 5 Bytes JMP 00920000
.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!WinExec 76835CF7 5 Bytes JMP 009200DA
.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00210069
.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!system 762B804B 5 Bytes JMP 00210058
.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_open 762BD106 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00210FDE
.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00210029
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyExA 76B039AB 5 Bytes JMP 00970047
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyA 76B03BA9 5 Bytes JMP 00970036
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyA 76B089C7 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyW 76B1391E 5 Bytes JMP 00970FAF
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyExW 76B141F1 5 Bytes JMP 00970F94
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyExA 76B17C42 5 Bytes JMP 0097001B
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyW 76B1E2B5 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyExW 76B27BA1 5 Bytes JMP 00970FCA
.text C:\Windows\system32\svchost.exe[2484] WS2_32.dll!socket 779036D1 5 Bytes JMP 00980000
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!GetStartupInfoW 767A1929 5 Bytes JMP 000100EC
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!GetStartupInfoA 767A19C9 5 Bytes JMP 000100D1
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateProcessW 767A1BF3 5 Bytes JMP 00010F6D
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateProcessA 767A1C28 5 Bytes JMP 0001010E
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!VirtualProtect 767A1DC3 5 Bytes JMP 0001009B
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateNamedPipeA 767A2EF5 5 Bytes JMP 00010014
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateNamedPipeW 767A5C0C 5 Bytes JMP 0001002F
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreatePipe 767C8E6E 5 Bytes JMP 00010FA6
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!LoadLibraryExW 767C9109 5 Bytes JMP 00010080
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!LoadLibraryW 767C9362 5 Bytes JMP 00010054
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!LoadLibraryExA 767C94B4 5 Bytes JMP 00010065
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!LoadLibraryA 767C94DC 5 Bytes JMP 00010FCD
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!VirtualProtectEx 767CDBDA 5 Bytes JMP 000100B6
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!GetProcAddress 767E903B 5 Bytes JMP 00010F5C
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateFileW 767EAECB 5 Bytes JMP 00010FDE
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateFileA 767ECE5F 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[2724] kernel32.dll!WinExec 76835CF7 5 Bytes JMP 000100FD
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegCreateKeyExA 76B039AB 5 Bytes JMP 00050040
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegCreateKeyA 76B03BA9 5 Bytes JMP 00050FAF
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegOpenKeyA 76B089C7 5 Bytes JMP 00050FE5
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegCreateKeyW 76B1391E 5 Bytes JMP 00050F9E
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegCreateKeyExW 76B141F1 5 Bytes JMP 00050F83
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegOpenKeyExA 76B17C42 5 Bytes JMP 0005000A
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegOpenKeyW 76B1E2B5 5 Bytes JMP 00050FD4
.text C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!RegOpenKeyExW 76B27BA1 5 Bytes JMP 00050025
.text C:\Windows\Explorer.EXE[2724] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00060F9E
.text C:\Windows\Explorer.EXE[2724] msvcrt.dll!system 762B804B 5 Bytes JMP 00060FB9
.text C:\Windows\Explorer.EXE[2724] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00060022
.text C:\Windows\Explorer.EXE[2724] msvcrt.dll!_open 762BD106 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[2724] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00060033
.text C:\Windows\Explorer.EXE[2724] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00060011
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenA 764ED47D 5 Bytes JMP 009C0FEF
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenW 764ED7DA 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenW 764ED7DA 5 Bytes JMP 009C0FDE
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenUrlA 764EFE4B 5 Bytes JMP 009C0FC3
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenUrlW 76539139 5 Bytes JMP 009C001E
.text C:\Windows\Explorer.EXE[2724] WS2_32.dll!socket 779036D1 5 Bytes JMP 035B0FEF
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoW 767A1929 3 Bytes JMP 00060F52
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoW + 4 767A192D 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoA 767A19C9 3 Bytes JMP 00060098
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoA + 4 767A19CD 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateProcessW 767A1BF3 3 Bytes JMP 000600A9
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateProcessW + 4 767A1BF7 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateProcessA 767A1C28 3 Bytes JMP 00060F12
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateProcessA + 4 767A1C2C 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!VirtualProtect 767A1DC3 3 Bytes JMP 00060087
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!VirtualProtect + 4 767A1DC7 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateNamedPipeA 767A2EF5 3 Bytes JMP 00060FE5
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateNamedPipeA + 4 767A2EF9 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateNamedPipeW 767A5C0C 3 Bytes JMP 00060FCA
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateNamedPipeW + 4 767A5C10 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreatePipe 767C8E6E 5 Bytes JMP 00060F77
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!LoadLibraryExW 767C9109 5 Bytes JMP 00060FA3
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!LoadLibraryW 767C9362 5 Bytes JMP 00060051
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!LoadLibraryExA 767C94B4 5 Bytes JMP 00060062
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!LoadLibraryA 767C94DC 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!VirtualProtectEx 767CDBDA 5 Bytes JMP 00060F88
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetProcAddress 767E903B 5 Bytes JMP 000600BA
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateFileW 767EAECB 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!CreateFileA 767ECE5F 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!WinExec 76835CF7 5 Bytes JMP 00060F37
.text C:\Windows\System32\svchost.exe[2788] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00050FA4
.text C:\Windows\System32\svchost.exe[2788] msvcrt.dll!system 762B804B 5 Bytes JMP 00050FB5
.text C:\Windows\System32\svchost.exe[2788] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00050FC6
.text C:\Windows\System32\svchost.exe[2788] msvcrt.dll!_open 762BD106 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2788] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[2788] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyExA 76B039AB 5 Bytes JMP 0007002F
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyA 76B03BA9 5 Bytes JMP 00070014
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyA 76B089C7 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyW 76B1391E 5 Bytes JMP 00070F8D
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyExW 76B141F1 5 Bytes JMP 0007004A
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyExA 76B17C42 5 Bytes JMP 00070FB9
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyW 76B1E2B5 5 Bytes JMP 00070FCA
.text C:\Windows\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyExW 76B27BA1 5 Bytes JMP 00070FA8

Attached Files


Edited by hamluis, 11 October 2010 - 09:50 AM.
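The block above is the user-mode section of a GMER report: one line per patched export, giving the process image and PID, the module and export that were patched, the address, how many bytes differ from the on-disk image, and either the decoded JMP target or the raw differing bytes. A pair such as `GetStartupInfoW 767A1929 3 Bytes JMP 00060F52` followed by `GetStartupInfoW + 4 767A192D 1 Byte [89]` is one 5-byte hook reported in two pieces, because the byte in between happened to match the original; a `1 Byte [E9]` line followed by a `5 Bytes JMP` line for the same address is the same hook listed twice. The parser below is an added illustration, not part of this thread or of GMER itself; it folds those fragments back into single records and summarises, per process, which exports are hooked and which 64 KiB regions the jumps land in. The sample log is a constructed excerpt of lines copied from the report above, and the 64 KiB grouping granularity is an assumption chosen for the summary.

```python
import re

# Shape of a GMER user-mode hook line, as it appears in the report above:
#   .text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) JMP <target>
#   .text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) [<hex bytes>]
_LINE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>JMP\s+[0-9A-Fa-f]{8}|\[[0-9A-Fa-f ]+\])\s*$"
)


def parse_hook_line(line):
    """Parse one GMER hook line into a dict; return None for any other line."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    rec = {
        "image": m["image"], "pid": int(m["pid"]),
        "module": m["module"].lower(), "export": m["export"],
        "offset": int(m["offset"] or 0),  # non-zero only on '<export> + N' fragment lines
        "addr": int(m["addr"], 16), "size": int(m["size"]),
        "target": None, "bytes": None,
    }
    if m["patch"].startswith("JMP"):
        rec["target"] = int(m["patch"].split()[1], 16)
    else:
        rec["bytes"] = bytes.fromhex(m["patch"].strip("[]").replace(" ", ""))
    return rec


def parse_log(text):
    """All hook records in a GMER report; lines that are not hooks are skipped."""
    return [r for r in map(parse_hook_line, text.splitlines()) if r]


def coalesce(records):
    """One record per hooked export, with the fragment and duplicate lines
    GMER emits (3 Bytes JMP + '+ 4' byte, or 1 Byte [E9] + 5 Bytes JMP)
    folded into a single entry carrying the full patched length."""
    groups = {}
    for r in records:
        key = (r["pid"], r["module"], r["export"])
        g = groups.setdefault(key, {
            "image": r["image"], "pid": r["pid"], "module": r["module"],
            "export": r["export"], "addr": None, "target": None,
            "patched": 0, "fragments": 0,
        })
        if r["offset"] == 0:
            g["addr"] = r["addr"]
        else:
            g["fragments"] += 1
        if r["target"] is not None:
            g["target"] = r["target"]
        g["patched"] = max(g["patched"], r["offset"] + r["size"])
    return list(groups.values())


def summarize(hooks, region_bits=16):
    """Per PID: hooked exports, the 64 KiB regions (assumed granularity) the
    JMPs land in, and how many hooks GMER reported in fragments."""
    out = {}
    for h in hooks:
        s = out.setdefault(h["pid"], {"image": h["image"], "exports": set(),
                                      "regions": set(), "split": 0})
        s["exports"].add(f'{h["module"]}!{h["export"]}')
        if h["target"] is not None:
            s["regions"].add((h["target"] >> region_bits) << region_bits)
        s["split"] += int(h["fragments"] > 0)
    for s in out.values():
        s["exports"] = sorted(s["exports"])
        s["regions"] = sorted(s["regions"])
    return out


# Constructed sample: a handful of lines copied from the report above.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[2228] kernel32.dll!CreateProcessW 767A1BF3 5 Bytes JMP 008500F9
.text C:\Windows\system32\svchost.exe[2228] msvcrt.dll!system 762B804B 5 Bytes JMP 00840047
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExW 76B27BA1 5 Bytes JMP 008A0011
.text C:\Windows\system32\svchost.exe[2228] WS2_32.dll!socket 779036D1 5 Bytes JMP 008F0FEF
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenW 764ED7DA 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2724] WININET.dll!InternetOpenW 764ED7DA 5 Bytes JMP 009C0FDE
.text C:\Windows\Explorer.EXE[2724] WS2_32.dll!socket 779036D1 5 Bytes JMP 035B0FEF
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoW 767A1929 3 Bytes JMP 00060F52
.text C:\Windows\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoW + 4 767A192D 1 Byte [89]
"""

if __name__ == "__main__":
    for pid, s in sorted(summarize(coalesce(parse_log(SAMPLE_LOG))).items()):
        regions = ", ".join(f"{r:08X}" for r in s["regions"])
        print(f'{s["image"]}[{pid}]: {len(s["exports"])} hooked exports, '
              f'{s["split"]} reported in fragments, JMP targets in {regions}')
```

Run as-is it prints one line per process; for PID 2228 the four hooks jump into four separate regions between 00840000 and 008F0000, and the GetStartupInfoW hook in PID 2788 comes out as a single 5-byte patch with one fragment folded in. GMER does not say what is mapped at those targets: a list like this shows that something has hooked process-creation, library-loading, registry and socket calls across many processes, and it has the same shape whether that something is the behaviour-monitoring component of a security product or an injected payload, which is why a report like this is read alongside the DDS and RKUnhooker logs rather than on its own.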



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 11 October 2010 - 11:29 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 TR5

TR5
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 13 October 2010 - 04:12 PM

Hi there Gringo,

Thank you for getting back to me and helping me out - it's much appreciated.

I've downloaded and run DeFogger.

I've downloaded and run DDS. Contents of both pasted below as requested.

I've run RKUnhooker - contents of scan log posted below.

All of the above ran without any problems.




DDS (Ver_10-10-10.03) - NTFSx86
Run by Greig at 21:58:34.03 on 13/10/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1623 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\O2 Assistant\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\O2 Assistant\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Users\Greig\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\greig\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [O2DA] "c:\program files\o2 assistant\bin\sprtcmd.exe" /P O2DA
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\users\greig\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sketch~1.lnk - c:\program files\autodesk\sketchbookpro2010\SketchBookSnapshot.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BF4E145A-44A4-48B9-9B39-F0188D7B0743} = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-18 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 67656]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2009-3-3 13312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-3-29 88176]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-27 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-27 144704]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\o2 assistant\bin\sprtsvc.exe [2010-4-23 206120]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\o2 assistant\bin\tgsrvc.exe [2010-4-23 185640]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-21 21504]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-3 29736]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10448]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-27 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-27 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-27 40552]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-26 4247552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-3-2 45600]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-3-3 238464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1357464]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-27 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-10-12 22:41:37 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-12 22:41:36 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 22:41:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 22:41:05 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 22:41:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 22:41:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 22:41:04 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-10 14:41:47 53248 ----a-r- c:\users\greig\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-10-10 14:41:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-10 14:39:40 -------- d-----w- c:\users\greig\appdata\roaming\Logishrd
2010-10-09 12:39:08 -------- d-----w- c:\users\greig\Website
2010-10-03 19:56:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 19:32:07 -------- d-----w- c:\program files\TweakUAC
2010-09-21 19:22:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-18 08:06:26 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-18 08:06:23 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-18 08:06:20 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-18 08:06:18 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-18 08:06:15 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-17 23:59:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-17 23:58:52 -------- d-----w- c:\progra~2\Hitman Pro
2010-09-17 23:58:51 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-17 23:43:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-17 23:28:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-17 23:28:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-17 23:24:20 -------- d-----w- c:\users\greig\appdata\local\Sunbelt Software
2010-09-17 23:22:50 -------- dc-h--w- c:\progra~2\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-17 23:22:08 -------- d-----w- c:\program files\Lavasoft
2010-09-17 22:57:50 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2010-09-17 22:57:49 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-17 22:45:03 -------- d-----w- c:\program files\CCleaner
2010-09-17 22:43:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8

==================== Find3M ====================

2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 21:59:38.55 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/04/2009 05:12:21
System Uptime: 13/10/2010 20:40:48 (1 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | Q320/P320
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | U2E1 | 1200/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 89.748 GiB free.
D: is FIXED (NTFS) - 143 GiB total, 138.441 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP231: 21/09/2010 20:10:34 - Windows Update
RP232: 21/09/2010 22:15:38 - Windows Update
RP233: 22/09/2010 19:15:29 - Scheduled Checkpoint
RP234: 22/09/2010 23:27:42 - Windows Update
RP235: 23/09/2010 21:09:53 - Scheduled Checkpoint
RP236: 24/09/2010 20:59:32 - Scheduled Checkpoint
RP237: 25/09/2010 09:49:15 - Scheduled Checkpoint
RP238: 04/10/2010 07:37:18 - Windows Update
RP239: 05/10/2010 21:04:56 - Scheduled Checkpoint
RP240: 07/10/2010 20:21:23 - Scheduled Checkpoint
RP241: 08/10/2010 21:30:39 - Windows Update
RP242: 09/10/2010 11:55:59 - Scheduled Checkpoint
RP243: 10/10/2010 11:42:59 - Scheduled Checkpoint
RP244: 11/10/2010 20:22:17 - Scheduled Checkpoint
RP245: 13/10/2010 20:20:37 - Windows Update

==== Installed Programs ======================

2007 Microsoft Office system
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
µTorrent
Autodesk SketchBookPro 2010 R1
BatteryLifeExtender
Bonjour
Business Contact Manager for Outlook 2007 SP2
CCleaner
Connect
Corel Painter IX
CyberLink DVD Suite
CyberLink PowerDVD 8
CyberLink YouCam
Dropbox
Easy Battery Manager
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
eReg
FileZilla Client 3.3.4.1
Free RAR Extract Frog
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
imagine digital freedom - Samsung
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
iPhone Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 21
kuler
Logitech SetPoint 6.15
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
MSVCRT
My O2
Namuga 1.3M Webcam
NVIDIA Drivers
O2InstV3Win7UpdateV1
OGA Notifier 2.0.0048.0
PCTroubleshooting
PDF Settings CS4
Photoshop Camera Raw
PowerISO
QuickTime
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype web features
Skype™ 4.1
Spotify
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TweakUAC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
User Guide
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WIDCOMM Bluetooth Software 6.1.0.5200
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

13/10/2010 20:43:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ttpdaf
13/10/2010 20:43:24, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/10/2010 20:42:46, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 126
13/10/2010 20:34:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
13/10/2010 20:34:24, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/10/2010 20:29:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/10/2010 20:19:38, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
13/10/2010 20:19:38, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/10/2010 00:02:35, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F00F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.60 )
0x8F806000 C:\Windows\system32\DRIVERS\NETw5v32.sys 4284416 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x82806000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x82806000 PnpManager 3846144 bytes
0x82806000 RAW 3846144 bytes
0x82806000 WMIxWDM 3846144 bytes
0x8E80D000 C:\Windows\system32\drivers\RTKVHDA.sys 2248704 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x988E0000 Win32k 2109440 bytes
0x988E0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AC0B000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A9C2000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FE89000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8A4DA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA247F000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9107D000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8A800000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91193000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F742000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8AF06000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8AB66000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8ADCD000 C:\Windows\system32\drivers\btwaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x8A5BA000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A76F000 C:\Windows\system32\drivers\btwavdt.sys 462848 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8A951000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8A410000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9129A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8FC1C000 C:\Windows\system32\DRIVERS\yk60x86.sys 327680 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xA2408000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x98B30000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8A6EC000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8EB98000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8A643000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8A499000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FD27000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8AEC8000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8AF93000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8AAF8000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x91001000 C:\Windows\System32\Drivers\VMC326.sys 241664 bytes (Vimicro Corporation, Vimicro USB Video Class Camera)
0x91392000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AD1B000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8FE43000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BB1000 ACPI_HAL 208896 bytes
0x82BB1000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8AB33000 C:\Windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0x8A900000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FF73000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8FC8E000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8FCF8000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8EA32000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AACD000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8FE02000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x91253000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8EB33000 C:\Windows\System32\Drivers\Mpfp.sys 167936 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0x8A746000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x8AE7E000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AD6B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8A69A000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8EA5F000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8FD95000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8FFD4000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8ADA3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x91352000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8EAC5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x91373000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8A8E2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x91307000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8EB18000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x91170000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8ABE6000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x91324000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FCCB000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x913CB000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8AFCF000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FD73000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8AE67000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA2595000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EBE0000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EB5C000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9133D000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FDDB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FDC7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8EB84000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8FC70000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x91287000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FFB3000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8EB72000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xA257A000 C:\Windows\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xA246E000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8AD92000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8FE78000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8A480000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A932000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8AE57000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x91243000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8A736000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8FDF0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8FCE9000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8A942000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x91161000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AD5C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8A6C1000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8FDB8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F000000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8A6DD000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x98B20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FFA5000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EB01000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8EA84000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0x8FFC6000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8AFE6000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x91070000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FE36000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8A636000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA2567000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8EAB9000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F7E3000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8FC83000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8FCC0000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8EAF6000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FD8A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FD68000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AEB4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F7EF000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8A6D3000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8FFF6000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x8AE4D000 C:\Windows\system32\DRIVERS\btwl2cap.sys 40960 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0x91157000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FE2C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9127D000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E800000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA255D000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8ADC4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8EA92000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9103C000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9104E000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x91045000 C:\Windows\System32\Drivers\LEqdUsb.Sys 36864 bytes (Logitech, Inc., Logitech Equad USB Driver.)
0xA258C000 C:\Windows\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xA25AB000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8EB0F000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x98B00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AEBF000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A689000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A8DA000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8A491000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9118B000 C:\Windows\system32\DRIVERS\kmdfmemio.sys 32768 bytes (SAMSUNG ELECTRONICS CO., LTD., Non PnP Driver)
0x91060000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x91068000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x91057000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8A692000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EAE6000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EAEE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AD54000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8EAA2000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EAB2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8A409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA2573000 C:\Windows\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8EA9B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8FCE3000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8EBF6000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8FC6C000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8E80A000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8A6D0000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8FE00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FCBE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9105F000 C:\Windows\System32\Drivers\LHidEqd.Sys 4096 bytes (Logitech, Inc., Logitech HID Filter Driver.)
==============================================
>Stealth
==============================================


Many thanks!

Greig
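As an added triage aid, not part of this thread and not code from the DDS or RkUnhooker tools: a small Python parser for the two log formats posted above (the DDS "Event Viewer Messages" lines and the RkU ">Drivers" listing), run over a handful of lines copied from those logs. The two checks it applies (boot-start drivers the Service Control Manager failed to load that match no loaded module, and file-backed modules RkU lists with no vendor string) are my own choice of what merits a second look, not a verdict on any entry.

```python
import re

# Constructed sample input: lines copied from the DDS and RkUnhooker logs
# posted in this thread, trimmed to a handful of entries.
DDS_EVENTS = """\
13/10/2010 20:43:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ttpdaf
13/10/2010 20:43:24, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/10/2010 20:42:46, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\\Windows\\System32\\IWMSSvc.dll Error Code: 126
06/10/2010 00:02:35, Error: iaStor [9] - The device, \\Device\\Ide\\iaStor0, did not respond within the timeout period.
"""

RKU_DRIVERS = """\
0x8F00F000 C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.60 )
0x82806000 PnpManager 3846144 bytes
0x9107D000 C:\\Windows\\System32\\Drivers\\dump_iaStor.sys 892928 bytes
0x8FFD4000 C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA25AB000 C:\\Windows\\System32\\Drivers\\Normandy.SYS 36864 bytes (RKU Driver)
0x8A942000 C:\\Windows\\system32\\DRIVERS\\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
"""

# DDS event line: "dd/mm/yyyy hh:mm:ss, Level: Source [EventID] - message"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# RkU driver line: "0xADDR path size bytes (Vendor, Description)"; the
# parenthesised part is absent when RkU could not identify the module.
DRIVER_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+) (?P<path>.+?) (?P<size>\d+) bytes"
    r"(?: \((?P<info>.*)\))?\s*$"
)


def parse_events(text):
    """Parse DDS 'Event Viewer Messages' lines into dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"] = int(d["id"])
            events.append(d)
    return events


def failed_boot_drivers(events):
    """Driver names from Service Control Manager event 7026 (boot/system-start load failure)."""
    names = []
    for ev in events:
        if ev["id"] == 7026 and ev["source"] == "Service Control Manager":
            _, _, tail = ev["msg"].partition("failed to load:")
            names.extend(n.strip(" ,") for n in tail.split() if n.strip(" ,"))
    return names


def parse_drivers(text):
    """Parse the RkU '>Drivers' listing into dicts with path, size, vendor and description."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.rstrip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"])
        info = d.pop("info")
        parts = [p.strip() for p in info.split(",", 1)] if info else []
        d["vendor"] = parts[0] if parts else ""
        d["description"] = parts[1] if len(parts) > 1 else ""
        d["filename"] = d["path"].rsplit("\\", 1)[-1]
        drivers.append(d)
    return drivers


def modules_without_vendor(drivers):
    """File-backed kernel modules that RkU listed with no vendor/description at all.

    Kernel aliases such as PnpManager have no path and are ignored."""
    return [d["filename"] for d in drivers if "\\" in d["path"] and not d["vendor"]]


def unresolved_boot_failures(events_text, drivers_text):
    """Boot-start drivers the SCM failed to load that match no loaded module's name.

    A registered boot driver with no loaded module behind it is worth a closer
    look: either a leftover registration or a file that is missing or hidden.
    The result is a triage list, not a verdict."""
    loaded = {d["filename"].lower().rsplit(".", 1)[0] for d in parse_drivers(drivers_text)}
    failed = failed_boot_drivers(parse_events(events_text))
    return [n for n in failed if n.lower() not in loaded]


if __name__ == "__main__":
    print("failed boot drivers:", failed_boot_drivers(parse_events(DDS_EVENTS)))
    print("modules without vendor:", modules_without_vendor(parse_drivers(RKU_DRIVERS)))
    print("unresolved boot failures:", unresolved_boot_failures(DDS_EVENTS, RKU_DRIVERS))
```

On the sample lines the unresolved entry is the driver the SCM reported in event 7026, which appears nowhere in the loaded-module list; the only module without a vendor string is the crash-dump copy of the storage driver.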

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 October 2010 - 06:21 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
    In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 TR5

TR5
  • Topic Starter

  • Members
  • 14 posts

Posted 14 October 2010 - 02:24 PM

Hi again Gringo,

I followed your instructions and ran Combofix, log below:

ComboFix 10-10-12.03 - Greig 14/10/2010 19:41:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1921 [GMT 1:00]
Running from: c:\users\Greig\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

----- BITS: Possible infected sites -----

hxxp://sync.mobilebroadband.o2.co.uk:8080
c:\windows\System32\plasrv.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 19:13 . 2010-10-14 19:13 -------- d-----w- c:\users\Greig\AppData\Local\temp
2010-10-14 19:13 . 2010-10-14 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 22:41 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 22:41 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 22:41 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 22:41 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 22:41 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 22:41 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 22:41 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-10 17:36 . 2010-10-10 21:15 -------- d-----w- c:\users\Greig\AppData\Roaming\FileZilla
2010-10-10 16:47 . 2010-10-10 16:47 -------- d-----w- c:\program files\FileZilla FTP Client
2010-10-10 14:42 . 2010-10-10 14:42 -------- d-----w- c:\programdata\Logitech
2010-10-10 14:41 . 2010-10-10 14:41 -------- d-----w- c:\users\Greig\AppData\Roaming\Leadertech
2010-10-10 14:41 . 2010-10-10 14:41 53248 ----a-r- c:\users\Greig\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-10-10 14:41 . 2010-10-10 14:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-10 14:40 . 2010-10-10 14:42 -------- d-----w- c:\programdata\Logishrd
2010-10-10 14:40 . 2010-10-10 14:40 -------- d-----w- c:\program files\Logitech
2010-10-10 14:39 . 2010-10-10 14:41 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-10-10 14:39 . 2010-10-10 14:42 -------- d-----w- c:\users\Greig\AppData\Roaming\Logitech
2010-10-10 14:39 . 2010-10-10 14:39 -------- d-----w- c:\users\Greig\AppData\Roaming\Logishrd
2010-10-09 12:39 . 2010-10-09 12:39 -------- d-----w- c:\users\Greig\Website
2010-10-03 19:56 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 19:32 . 2010-09-24 19:32 -------- d-----w- c:\program files\TweakUAC
2010-09-21 19:22 . 2010-09-21 19:22 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-18 08:06 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-18 08:06 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-18 08:06 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-18 08:06 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-18 08:06 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-17 23:59 . 2010-10-04 20:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-17 23:58 . 2010-09-18 00:06 -------- d-----w- c:\programdata\Hitman Pro
2010-09-17 23:58 . 2010-09-17 23:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-17 23:43 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-17 23:28 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-17 23:28 . 2010-09-17 23:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-17 23:24 . 2010-09-17 23:24 -------- d-----w- c:\users\Greig\AppData\Local\Sunbelt Software
2010-09-17 23:22 . 2010-09-17 23:22 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-17 23:22 . 2010-09-17 23:28 -------- d-----w- c:\programdata\Lavasoft
2010-09-17 23:22 . 2010-09-17 23:22 -------- d-----w- c:\program files\Lavasoft
2010-09-17 22:57 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-17 22:57 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-17 22:45 . 2010-09-17 22:45 -------- d-----w- c:\program files\CCleaner
2010-09-17 22:43 . 2010-09-17 22:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-24 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-24 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-02-10 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

c:\users\Greig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-11 752168]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-5-4 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-11 09:08 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-15 19:23 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 ttpdaf;ttpdaf;c:\windows\System32\drivers\qwxtxrey.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-09-05 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-09-05 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-09-05 67656]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [2010-04-23 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [2010-04-23 185640]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-03-18 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-03-18 10448]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2008-11-21 238464]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
yksvcs REG_MULTI_SZ yksvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 12:22]

2010-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 12:22]

2010-10-14 c:\windows\Tasks\User_Feed_Synchronization-{ED5D90DB-1CD7-4204-A34D-D9180F17D9C5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {BF4E145A-44A4-48B9-9B39-F0188D7B0743} = 192.168.1.254
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Google Update - c:\users\Greig\AppData\Local\Google\Update\GoogleUpdate.exe
HKLM-Run-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE


.
Completion time: 2010-10-14 20:16:57
ComboFix-quarantined-files.txt 2010-10-14 19:16

Pre-Run: 95,668,113,408 bytes free
Post-Run: 95,697,756,160 bytes free

- - End Of File - - E313B4B27F6552FAB1DA58286F160AF1




I've experienced no new problems with the computer other than those which I reported originally. I have not had it freeze or BSOD on me for a few days now. I have stopped using Firefox for the time being due to the re-directions that were occurring and am using IE, which appears to not be giving me any problems, although I am still experiencing very slow running.

Thank you,

Greig


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 14 October 2010 - 03:11 PM

Hello Greig

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
CODE
:filefind
plasrv.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Driver::
ttpdaf


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo



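The CFScript above removes the ttpdaf service, the `R0 ttpdaf;ttpdaf;c:\windows\System32\drivers\qwxtxrey.sys [x]` entry from the ComboFix log in the previous post. As an added example (not code from this thread and not part of ComboFix), the script below shows how a responder can triage the R/S driver and service lines of such a log and arrive at the same entry: a service registered to start at boot whose driver file ComboFix reports as not present on disk. The sample lines are copied from the log above; the reading of the line format (R/S = running/stopped, digit = start type, `[x]` = file not found) follows ComboFix's usual log conventions.

```python
"""Triage the driver/service lines of a ComboFix log.

Added example: this is not code from the thread and not part of ComboFix.
The sample lines are copied from the ComboFix log posted earlier in the thread;
the reading of the line format (R/S = running/stopped, digit = start type,
'[x]' = file not found on disk) follows ComboFix's usual log conventions.
"""
import re

# One service line looks like:
#   R0 ttpdaf;ttpdaf;c:\windows\System32\drivers\qwxtxrey.sys [x]
#   R2 name;Display Name;c:\path\file.exe [2010-03-18 130384]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Constructed sample: three lines taken verbatim from the log above.
SAMPLE_LINES = r"""
R0 ttpdaf;ttpdaf;c:\windows\System32\drivers\qwxtxrey.sys [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
"""


def parse_services(text):
    """Return one dict per R/S line; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["running"] = e["state"] == "R"
        e["start_type"] = START_TYPES.get(e["start"], "unknown")
        # ComboFix prints "[date size]" for a file it found and "[x]" when the
        # registered image path does not exist on disk.
        e["file_present"] = e["info"].strip().lower() != "x"
        entries.append(e)
    return entries


def triage(entries):
    """Flag registered services whose image file is missing from disk.

    A boot- or system-start entry pointing at a missing driver is commonly left
    behind when a malicious driver file has been removed but its service key
    survived; it can also stall the boot path, so it gets high priority.
    """
    flagged = []
    for e in entries:
        if e["file_present"]:
            continue
        flagged.append({
            "name": e["name"],
            "path": e["path"],
            "reason": "service registered but image file not found on disk",
            "priority": "high" if e["start_type"] in ("boot", "system") else "normal",
        })
    return flagged


def cfscript_driver_block(flagged):
    """Render the ComboFix 'Driver::' section that removes the flagged services,
    in the same form as the CFScript posted above."""
    return "Driver::\n" + "\n".join(f["name"] for f in flagged)


if __name__ == "__main__":
    hits = triage(parse_services(SAMPLE_LINES))
    for h in hits:
        print(f"{h['priority']:6} {h['name']}: {h['reason']} ({h['path']})")
    print(cfscript_driver_block(hits))
```

Run against the sample, only ttpdaf is flagged (high priority, because start type 0 is boot-start), and the rendered block is exactly the two-line CFScript in the post above. The Lavasoft entries are not flagged: their image files were found, which is what the `[date size]` suffix records.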

#7 TR5

TR5
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 14 October 2010 - 04:27 PM

OK Gringo - done as instructed:

SystemLook 04.09.10 by jpshortstuff
Log created at 21:27 on 14/10/2010 by Greig
Administrator - Elevation successful

========== filefind ==========

Searching for "plasrv.exe"
C:\Windows\System32\plasrv.exe --a---- 7680 bytes [08:35 02/11/2006] [09:45 02/11/2006] 81C06EC21B495FA5BC2AB29A751FF384
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe --a---- 7680 bytes [08:35 02/11/2006] [09:45 02/11/2006] 81C06EC21B495FA5BC2AB29A751FF384
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\plasrv.exe --a---- 7680 bytes [08:35 02/11/2006] [09:45 02/11/2006] 81C06EC21B495FA5BC2AB29A751FF384

-= EOF =-








The first time I ran ComboFix with the script it crashed, second time it ran OK:




ComboFix 10-10-12.03 - Greig 14/10/2010 21:44:57.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2147 [GMT 1:00]
Running from: c:\users\Greig\Desktop\ComboFix.exe
Command switches used :: c:\users\Greig\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\plasrv.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ttpdaf


((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 21:15 . 2010-10-14 21:17 -------- d-----w- c:\users\Greig\AppData\Local\temp
2010-10-14 21:15 . 2010-10-14 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 22:41 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 22:41 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 22:41 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 22:41 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 22:41 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 22:41 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 22:41 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-10 17:36 . 2010-10-10 21:15 -------- d-----w- c:\users\Greig\AppData\Roaming\FileZilla
2010-10-10 16:47 . 2010-10-10 16:47 -------- d-----w- c:\program files\FileZilla FTP Client
2010-10-10 14:42 . 2010-10-10 14:42 -------- d-----w- c:\programdata\Logitech
2010-10-10 14:41 . 2010-10-10 14:41 -------- d-----w- c:\users\Greig\AppData\Roaming\Leadertech
2010-10-10 14:41 . 2010-10-10 14:41 53248 ----a-r- c:\users\Greig\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-10-10 14:41 . 2010-10-10 14:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-10 14:40 . 2010-10-10 14:42 -------- d-----w- c:\programdata\Logishrd
2010-10-10 14:40 . 2010-10-10 14:40 -------- d-----w- c:\program files\Logitech
2010-10-10 14:39 . 2010-10-10 14:41 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-10-10 14:39 . 2010-10-10 14:42 -------- d-----w- c:\users\Greig\AppData\Roaming\Logitech
2010-10-10 14:39 . 2010-10-10 14:39 -------- d-----w- c:\users\Greig\AppData\Roaming\Logishrd
2010-10-09 12:39 . 2010-10-09 12:39 -------- d-----w- c:\users\Greig\Website
2010-10-03 19:56 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 19:32 . 2010-09-24 19:32 -------- d-----w- c:\program files\TweakUAC
2010-09-21 19:22 . 2010-09-21 19:22 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-18 08:06 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-18 08:06 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-18 08:06 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-18 08:06 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-18 08:06 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-17 23:59 . 2010-10-04 20:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-17 23:58 . 2010-09-18 00:06 -------- d-----w- c:\programdata\Hitman Pro
2010-09-17 23:58 . 2010-09-17 23:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-17 23:43 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-17 23:28 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-17 23:28 . 2010-09-17 23:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-17 23:24 . 2010-09-17 23:24 -------- d-----w- c:\users\Greig\AppData\Local\Sunbelt Software
2010-09-17 23:22 . 2010-09-17 23:22 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-17 23:22 . 2010-09-17 23:28 -------- d-----w- c:\programdata\Lavasoft
2010-09-17 23:22 . 2010-09-17 23:22 -------- d-----w- c:\program files\Lavasoft
2010-09-17 22:57 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-17 22:57 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-17 22:45 . 2010-09-17 22:45 -------- d-----w- c:\program files\CCleaner
2010-09-17 22:43 . 2010-09-17 22:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-24 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-24 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-02-10 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

c:\users\Greig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-11 752168]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-5-4 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-11 09:08 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-15 19:23 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-09-05 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-09-05 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-09-05 67656]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [2010-04-23 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [2010-04-23 185640]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-03-18 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-03-18 10448]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2008-11-21 238464]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
yksvcs REG_MULTI_SZ yksvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 12:22]

2010-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 12:22]

2010-10-14 c:\windows\Tasks\User_Feed_Synchronization-{ED5D90DB-1CD7-4204-A34D-D9180F17D9C5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {BF4E145A-44A4-48B9-9B39-F0188D7B0743} = 192.168.1.254
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2356)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\users\Greig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-10-14 22:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 21:23
ComboFix2.txt 2010-10-14 19:16

Pre-Run: 95,582,605,312 bytes free
Post-Run: 95,253,954,560 bytes free

- - End Of File - - 9E1178FCB2D99AD59EF93C81A296C174



No new problems or BSOD etc to report.

Cheers,

Greig



#8 gringo_pr (Malware Response Team)
Posted 14 October 2010 - 04:47 PM

Hello

None of those are any good; all are infected. Do you have access to another Vista computer?

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
      /md5start
      plasrv.exe
      /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
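The custom-scan block in the post above (/md5start ... plasrv.exe ... /md5stop) tells OTL to locate every file with that name and report its timestamp, size and MD5 so the copies can be compared against a known-clean build and looked up elsewhere. The script below is an added example, not code from OTL, OldTimer or anyone in this thread: it performs the same sweep in plain Python, hashing each copy once for both MD5 (what OTL reports) and SHA-256 (what most hash lookups want), and prints an OTL-like line. Assumptions of my own: the output layout only approximates OTL's, the "user-writable location" heuristic (profile, AppData and Temp paths) is mine, and demo() builds a constructed sample tree rather than scanning a real infected machine.

```python
import hashlib
import os
import shutil
import tempfile
import time
from dataclasses import dataclass


@dataclass
class FileHit:
    """One on-disk copy of a file name of interest."""
    path: str
    size: int
    mtime: float
    md5: str
    sha256: str
    user_writable: bool  # heuristic (mine): sits under a profile/AppData/Temp path


def hash_file(path, chunk=1 << 20):
    """MD5 (as OTL reports) and SHA-256 in a single read of the file."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest().upper(), sha.hexdigest()


def _looks_user_writable(root, full):
    """Heuristic: path relative to the scanned root is under Users/, AppData/ or Temp/."""
    rel = "/" + os.path.relpath(full, root).replace("\\", "/").lower()
    return any(marker in rel for marker in ("/users/", "/appdata/", "/temp/"))


def find_named_files(names, roots):
    """Walk each root and hash every file whose name (case-insensitive) is in names.

    Locked or unreadable files are skipped instead of aborting the sweep, which is
    what you want from a triage pass on a machine that is still infected.
    """
    wanted = {n.lower() for n in names}
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() not in wanted:
                    continue
                full = os.path.join(dirpath, fn)
                try:
                    st = os.stat(full)
                    md5, sha = hash_file(full)
                except OSError:
                    continue
                hits.append(FileHit(full, st.st_size, st.st_mtime, md5, sha,
                                    _looks_user_writable(root, full)))
    return hits


def format_hit(hit):
    """OTL-like line: [mtime | size | ---- | M] MD5=... -- path (layout approximated)."""
    ts = time.strftime("%Y/%m/%d %H:%M:%S", time.localtime(hit.mtime))
    flag = " <user-writable location>" if hit.user_writable else ""
    return f"[{ts} | {hit.size:011,} | ---- | M] MD5={hit.md5} -- {hit.path}{flag}"


def demo():
    """Constructed sample tree (not a real system): two copies of plasrv.exe in
    different directories plus an unrelated file, returned sorted by size."""
    base = tempfile.mkdtemp(prefix="otl_md5_demo_")
    try:
        sysdir = os.path.join(base, "Windows", "System32")
        userdir = os.path.join(base, "Users", "Greig", "AppData", "Local", "Temp")
        os.makedirs(sysdir)
        os.makedirs(userdir)
        with open(os.path.join(sysdir, "plasrv.exe"), "wb") as f:
            f.write(b"hello")
        with open(os.path.join(userdir, "PLASRV.EXE"), "wb") as f:
            f.write(b"hello world")
        with open(os.path.join(sysdir, "notepad.exe"), "wb") as f:
            f.write(b"unrelated")
        return sorted(find_named_files(["plasrv.exe"], [base]), key=lambda h: h.size)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    # Real use: find_named_files(["plasrv.exe"], ["C:\\"]) run from an elevated prompt.
    for h in demo():
        print(format_hit(h))
```

Two copies of the same name with different hashes, or a copy sitting under a user profile or Temp directory, is exactly the signal the helper is after: a legitimate component normally lives in one place under Windows or Program Files with a stable hash.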

#9 TR5 (Topic Starter)
Posted 15 October 2010 - 02:23 AM

I do have access to another Vista computer - at work but not at home with my laptop.

I have run OTL as instructed:


OTL logfile created on: 15/10/2010 08:12:36 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Greig\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.09 Gb Total Space | 88.72 Gb Free Space | 62.44% Space Free | Partition Type: NTFS
Drive D: | 143.00 Gb Total Space | 138.44 Gb Free Space | 96.81% Space Free | Partition Type: NTFS

Computer Name: JOLLY | User Name: Greig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/15 08:09:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Greig\Desktop\OTL.exe
PRC - [2010/10/06 22:33:53 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/06 22:33:52 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/26 01:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 20:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/23 15:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe
PRC - [2010/04/23 15:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe
PRC - [2010/04/23 15:04:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtcmd.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
PRC - [2010/02/11 13:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/25 10:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010/01/25 10:03:04 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2009/11/11 12:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/09 04:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/04 17:12:14 | 000,708,608 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/23 15:26:24 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/02/09 13:51:00 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008/12/11 10:07:40 | 006,703,648 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/12/10 08:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008/10/17 02:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/09/11 16:46:06 | 001,853,992 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/09/11 16:46:06 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/08/26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/15 08:09:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Greig\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/10/06 22:33:52 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/04/23 15:04:16 | 000,383,408 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/04/23 15:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe -- (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA)
SRV - [2010/04/23 15:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe -- (tgsrvc_O2DA) SupportSoft Repair Service (O2DA)
SRV - [2010/04/18 15:33:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 10:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/11/11 12:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/30 10:07:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\ykx32mpcoinst.dll -- (yksvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Greig\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/05 17:51:59 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/05 17:51:59 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/05 17:51:59 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 13:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/03/18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 10:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/03/18 10:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/11/11 12:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 12:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 12:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/09 04:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/26 06:47:34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/02/24 21:49:00 | 007,547,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/30 10:07:00 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/12/11 09:23:08 | 002,250,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/04 04:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/11/21 02:22:24 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/09/12 05:58:32 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/09/12 05:58:32 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/09/12 05:58:30 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/09/05 20:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/28 03:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/31 05:55:14 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...N&bmod=SMSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Creative Commons"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/13 23:28:20 | 000,000,000 | ---D | M]

[2009/08/04 00:17:41 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\Mozilla\Extensions
[2010/02/07 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\Mozilla\Firefox\Profiles\llxd1qjt.default\extensions
[2009/08/08 16:00:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Greig\AppData\Roaming\Mozilla\Firefox\Profiles\llxd1qjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/27 12:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/14 22:17:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Greig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Greig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Greig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/19 22:23:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/15 08:08:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Greig\Desktop\OTL.exe
[2010/10/14 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Local\temp
[2010/10/14 22:22:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/14 21:41:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/14 19:38:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/14 19:38:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/14 19:38:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/14 19:38:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/14 19:38:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/10 18:36:15 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Roaming\FileZilla
[2010/10/10 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/10/10 17:13:58 | 000,000,000 | ---D | C] -- C:\Users\Greig\Desktop\wordpress-3.0.1
[2010/10/10 15:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/10/10 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Roaming\Leadertech
[2010/10/10 15:40:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010/10/10 15:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010/10/10 15:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/10 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/10/10 15:39:40 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Roaming\Logitech
[2010/10/10 15:39:40 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Roaming\Logishrd
[2010/10/09 14:01:25 | 000,000,000 | R--D | C] -- C:\Users\Greig\Contacts
[2010/10/09 13:39:08 | 000,000,000 | ---D | C] -- C:\Users\Greig\Website
[2010/10/04 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Greig\Desktop\gmer
[2010/09/24 20:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TweakUAC
[2010/09/21 20:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/09/19 22:37:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/18 00:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/09/18 00:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/18 00:44:07 | 000,000,000 | ---D | C] -- D:\Documents\Visual Studio 2005
[2010/09/18 00:28:26 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/09/18 00:28:22 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/09/18 00:24:20 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Local\Sunbelt Software
[2010/09/18 00:22:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/18 00:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/18 00:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/17 23:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/17 23:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/09/08 18:22:17 | 000,000,000 | R--D | C] -- D:\Documents\My Dropbox
[2010/09/08 18:16:36 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Roaming\Dropbox
[2010/08/19 20:26:47 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Roaming\Spotify
[2010/08/19 20:26:47 | 000,000,000 | ---D | C] -- C:\Users\Greig\AppData\Local\Spotify
[2010/08/19 20:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/08/19 20:04:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/19 20:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/17 16:47:07 | 000,000,000 | ---D | C] -- D:\Documents\My Received Files

========== Files - Modified Within 90 Days ==========

[2010/10/15 08:09:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Greig\Desktop\OTL.exe
[2010/10/15 08:00:10 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/15 08:00:02 | 000,120,691 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/15 07:59:49 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED5D90DB-1CD7-4204-A34D-D9180F17D9C5}.job
[2010/10/15 07:59:38 | 000,024,913 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/10/15 07:58:02 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 07:58:01 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 07:57:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/14 23:21:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/14 22:17:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/14 21:37:34 | 292,555,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/14 21:27:01 | 000,075,264 | ---- | M] () -- C:\Users\Greig\Desktop\SystemLook.exe
[2010/10/13 22:02:45 | 000,133,632 | ---- | M] () -- C:\Users\Greig\Desktop\RKUnhookerLE.EXE
[2010/10/13 21:15:53 | 000,544,768 | ---- | M] () -- C:\Users\Greig\Desktop\dds.scr
[2010/10/13 20:47:00 | 000,120,691 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/13 20:43:19 | 002,583,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/10 17:47:33 | 000,001,785 | ---- | M] () -- C:\Users\Greig\Desktop\FileZilla Client.lnk
[2010/10/10 17:41:58 | 000,029,696 | ---- | M] () -- C:\Users\Greig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/10 17:38:33 | 000,658,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/10 17:38:33 | 000,127,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/10 16:57:03 | 000,000,966 | ---- | M] () -- C:\Users\Greig\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/10/10 16:57:03 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/10/10 15:44:45 | 000,001,151 | ---- | M] () -- C:\Users\Greig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/10/04 21:54:29 | 000,001,714 | ---- | M] () -- D:\Documents\log.xml
[2010/10/04 21:47:03 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/04 20:57:24 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/24 20:32:07 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\TweakUAC.lnk
[2010/09/23 20:39:44 | 000,010,162 | ---- | M] () -- C:\Users\Greig\Desktop\Excercise plan.xlsx
[2010/09/19 23:18:23 | 000,000,000 | ---- | M] () -- C:\Users\Greig\defogger_reenable
[2010/09/19 22:35:22 | 000,029,505 | ---- | M] () -- C:\Users\Greig\Desktop\jolly.jpg
[2010/09/18 01:06:53 | 000,000,576 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/09/18 00:58:51 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/09/18 00:28:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/09/18 00:22:48 | 000,001,031 | ---- | M] () -- C:\Users\Greig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/18 00:22:48 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/09/17 23:57:01 | 000,171,944 | ---- | M] () -- D:\Documents\cc_20100917_235647.reg
[2010/09/17 23:45:08 | 000,001,670 | ---- | M] () -- C:\Users\Greig\Desktop\CCleaner.lnk
[2010/09/08 18:22:17 | 000,000,941 | ---- | M] () -- C:\Users\Greig\Desktop\Dropbox.lnk
[2010/08/19 20:26:45 | 000,000,788 | ---- | M] () -- C:\Users\Greig\Desktop\Spotify.lnk
[2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/12 13:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

========== Files Created - No Company Name ==========

[2010/10/15 08:00:07 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/14 21:27:21 | 000,001,510 | ---- | C] () -- C:\Users\Greig\SystemLook.txt
[2010/10/14 21:26:53 | 000,075,264 | ---- | C] () -- C:\Users\Greig\Desktop\SystemLook.exe
[2010/10/14 19:38:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/14 19:38:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/14 19:38:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/14 19:38:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/14 19:38:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/13 22:02:15 | 000,133,632 | ---- | C] () -- C:\Users\Greig\Desktop\RKUnhookerLE.EXE
[2010/10/10 17:47:33 | 000,001,785 | ---- | C] () -- C:\Users\Greig\Desktop\FileZilla Client.lnk
[2010/10/10 16:57:03 | 000,000,966 | ---- | C] () -- C:\Users\Greig\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/10/10 16:57:03 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/10/10 15:44:45 | 000,001,151 | ---- | C] () -- C:\Users\Greig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/10/04 22:03:03 | 292,555,682 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 21:54:29 | 000,001,714 | ---- | C] () -- D:\Documents\log.xml
[2010/10/04 20:57:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/24 20:32:07 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\TweakUAC.lnk
[2010/09/19 23:19:55 | 000,544,768 | ---- | C] () -- C:\Users\Greig\Desktop\dds.scr
[2010/09/19 23:18:23 | 000,000,472 | ---- | C] () -- C:\Users\Greig\defogger_disable.log
[2010/09/19 23:18:23 | 000,000,000 | ---- | C] () -- C:\Users\Greig\defogger_reenable
[2010/09/19 23:05:27 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
[2010/09/19 22:35:18 | 000,029,505 | ---- | C] () -- C:\Users\Greig\Desktop\jolly.jpg
[2010/09/18 01:06:53 | 000,000,576 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/09/18 00:59:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/18 00:58:51 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/09/18 00:43:07 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/09/18 00:22:48 | 000,001,031 | ---- | C] () -- C:\Users\Greig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/18 00:22:48 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/09/17 23:56:51 | 000,171,944 | ---- | C] () -- D:\Documents\cc_20100917_235647.reg
[2010/09/17 23:45:08 | 000,001,670 | ---- | C] () -- C:\Users\Greig\Desktop\CCleaner.lnk
[2010/09/10 21:27:11 | 000,010,162 | ---- | C] () -- C:\Users\Greig\Desktop\Excercise plan.xlsx
[2010/09/08 18:22:17 | 000,000,941 | ---- | C] () -- C:\Users\Greig\Desktop\Dropbox.lnk
[2010/08/19 20:26:45 | 000,000,788 | ---- | C] () -- C:\Users\Greig\Desktop\Spotify.lnk
[2010/01/24 14:11:18 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/09/14 22:51:04 | 000,029,696 | ---- | C] () -- C:\Users\Greig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 10:19:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/10 07:56:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/15 04:25:52 | 000,120,691 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/15 04:23:45 | 000,120,691 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/03 04:06:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009/03/03 04:06:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009/03/03 04:04:31 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/03 04:03:10 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[2009/03/03 03:57:04 | 000,003,468 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009/03/02 09:04:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/09/11 16:45:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/11/19 22:26:16 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\Autodesk
[2010/09/25 09:22:50 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\Dropbox
[2010/10/10 22:15:01 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\FileZilla
[2010/10/10 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\Leadertech
[2010/08/23 21:12:13 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\Spotify
[2010/09/18 01:01:24 | 000,000,000 | ---D | M] -- C:\Users\Greig\AppData\Roaming\uTorrent
[2010/10/15 08:00:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/05/15 14:48:52 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/05/01 01:01:13 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/10/14 23:21:54 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/15 07:59:49 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ED5D90DB-1CD7-4204-A34D-D9180F17D9C5}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: PLASRV.EXE >
[2006/11/02 10:45:32 | 000,007,680 | ---- | M] () MD5=81C06EC21B495FA5BC2AB29A751FF384 -- C:\Windows\System32\plasrv.exe
[2006/11/02 10:45:32 | 000,007,680 | ---- | M] () MD5=81C06EC21B495FA5BC2AB29A751FF384 -- C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe
[2006/11/02 10:45:32 | 000,007,680 | ---- | M] () MD5=81C06EC21B495FA5BC2AB29A751FF384 -- C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\plasrv.exe

< End of report >



OTL Extras logfile created on: 15/10/2010 08:12:36 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Greig\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.09 Gb Total Space | 88.72 Gb Free Space | 62.44% Space Free | Partition Type: NTFS
Drive D: | 143.00 Gb Total Space | 138.44 Gb Free Space | 96.81% Space Free | Partition Type: NTFS

Computer Name: JOLLY | User Name: Greig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F69474-2C82-4D89-A50F-99E8AF30D10F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1F655785-1247-4766-9F03-DE16A486A2B7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24CA7DFB-1ADB-4ADE-BB06-185CD49D9C87}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A8368B3-28E7-4BD9-A7C8-9514E1ABAEF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{4C724FEB-12DE-465B-AADE-A70125717A6A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{651DC5C7-502D-4E5A-8996-438311359D1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A3274FA-7D34-46DA-B325-174458894DAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F35DF7B-B978-49EA-89EE-71827FC2621C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{872664EF-1BA8-4A44-8099-A62815C18090}" = lport=445 | protocol=6 | dir=in | app=system |
"{88546006-D6D6-452F-B347-0EDABD927351}" = lport=139 | protocol=6 | dir=in | app=system |
"{890A359D-B16E-492D-B742-31A2E14A26C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4EA8119-A58F-4301-9CD0-E6730E1FCF85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C59AFCE9-9BD8-4E1C-A93D-C73C4E1FADBA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD58AEE4-BDE3-4E71-AEB5-1BC0045D4CF8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DE22681E-A18C-4E5F-9F01-11A80E535B72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E237D8CD-0F32-4577-B356-93C6F1B60A2E}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{365C8B30-64E4-41D6-B9B4-121427CA4559}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3E2D7338-9729-4DD1-B0BC-859B8548CF76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4314F600-DBE2-49D7-B228-5CE59A831BC6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{45D076CC-9AAE-4A7B-955C-BE43CD37CA0E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4801CA77-2578-4151-8D95-43CC6424B7D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{53E88BC5-D66A-41DC-9229-4A91EC28897A}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{576B3C4B-51DB-4E8A-9F2A-78EAE08EA3B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5950D2F4-BDF1-4CD8-9CA6-F3C651E46D70}" = protocol=6 | dir=in | app=c:\users\greig\appdata\roaming\dropbox\bin\dropbox.exe |
"{5A3B4274-4B0C-4B6E-97D6-D1204438B9A6}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{5A77D95C-11D4-42F3-81CD-71A072723111}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60C17970-636D-475F-93FD-A4602E19AB92}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{63C1C0B2-7FD7-4740-8FF3-56959A6CB936}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6564DF70-6E6B-4E20-A867-708DAACC8618}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69036869-1F13-4EEF-935D-652F55575ECA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6A230EFF-2EE0-40F8-87E7-A656E7E404A0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6D32A730-B6E6-404D-82FA-AED263343CD1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{73476ADE-BB61-411F-9FBE-2AA37773772F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7C3843DA-F880-41CD-8C6E-50AFAC919C98}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{85EB864D-6A23-4376-AF2B-6205EE02D44D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8A91EB46-11B5-4E5F-95BD-FDF970B0703E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CB5C48A-EBC4-4209-99E3-F382D880DB5F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8DF67E37-ED19-4D85-8D03-E8887E5A543D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{979C58ED-90A5-437B-B289-842C056BB46D}" = protocol=6 | dir=in | app=c:\users\greig\appdata\local\temp\rarsfx0\hiw\recover.exe |
"{A1342A57-3A44-44BE-9A80-6DC4C8D1BE1A}" = protocol=17 | dir=in | app=c:\users\greig\appdata\local\temp\rarsfx0\hiw\recover.exe |
"{A1B81623-9F59-4C3E-8348-AFB9D41C557E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B405677A-343A-4557-BC68-1162DCB4892F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B6369678-5CDF-400D-B26A-95276AC93D7B}" = protocol=17 | dir=in | app=c:\users\greig\appdata\roaming\dropbox\bin\dropbox.exe |
"{B9E0AA08-AD53-43C2-9BBC-A3340FE92E69}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CD2DDA43-0B5B-4182-A480-0B8BBC3C57D7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D4FBE3B4-13F0-4207-A824-07344C9C9309}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D51465B9-5707-4267-8D2C-27B305022FDD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D52A71E5-8004-4E05-93D5-E6D838DBB333}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D715C3C1-7302-4654-939C-AA8D9DF210D4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E89A9806-0007-4474-ADC3-D84B66738B7C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBB2A7CE-175F-4827-AEE3-C14748F7056C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EC95BEE4-4F11-4E55-AF77-3CA32EE15CA0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE102A9A-B46C-4B48-9B00-8547878346A3}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F43588EA-8588-4AB8-B714-96E3D784FFA7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FDDE37F0-907F-420B-BE00-DC3FC0B7AF3C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.5200
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5B035501-3F57-4772-B0CA-3D5E613A5D86}" = My O2
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E12D9F6-E86A-4EE3-BA5A-965FDBC6687F}" = O2InstV3Win7UpdateV1
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}" = Corel Painter IX
"{A1D6721B-9C28-4E3F-9DE1-C6584B99465D}" = Intel® PROSet/Wireless WiFi Software
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8236DB8-CF1E-476B-A718-0ADBDBD97863}" = Autodesk SketchBookPro 2010 R1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free RAR Extract Frog" = Free RAR Extract Frog
"HitmanPro35" = Hitman Pro 3.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SP6" = Logitech SetPoint 6.15
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TweakUAC_is1" = TweakUAC
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.4.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:43:47 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:44:03 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 03/10/2010 15:44:03 | Computer Name = Jolly | Source = Windows Search Service | ID = 3013
Description =

Error - 04/10/2010 02:33:43 | Computer Name = Jolly | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14/10/2010 16:38:01 | Computer Name = Jolly | Source = Service Control Manager | ID = 7026
Description =

Error - 14/10/2010 16:41:36 | Computer Name = Jolly | Source = Service Control Manager | ID = 7034
Description =

Error - 14/10/2010 16:41:36 | Computer Name = Jolly | Source = Service Control Manager | ID = 7031
Description =

Error - 14/10/2010 16:43:21 | Computer Name = Jolly | Source = Service Control Manager | ID = 7030
Description =

Error - 14/10/2010 17:15:12 | Computer Name = Jolly | Source = Service Control Manager | ID = 7030
Description =

Error - 14/10/2010 17:15:18 | Computer Name = Jolly | Source = Service Control Manager | ID = 7030
Description =

Error - 14/10/2010 17:16:21 | Computer Name = Jolly | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 14/10/2010 17:16:31 | Computer Name = Jolly | Source = Service Control Manager | ID = 7000
Description =

Error - 15/10/2010 02:57:55 | Computer Name = Jolly | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 15/10/2010 02:58:16 | Computer Name = Jolly | Source = Service Control Manager | ID = 7000
Description =


< End of report >




What exactly seems to be the problem with my machine then Gringo?

Thanks again,

Greig








#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 15 October 2010 - 04:20 AM

Hello

It seems that this file is infected and you don't have a clean one on your computer - I want you to copy this file from the other Vista machine and paste it to the root of the drive on this computer C:/ then run the script below
C:\Windows\System32\plasrv.exe


Please rerun OTL and copy/paste the following text into the "custom scan/fix" field. Click NONE and Run Scan. Post me the resulting log please.

/md5start
plasrv.exe
/md5stop




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 17 October 2010 - 11:49 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo




#12 TR5

TR5
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:09 AM

Posted 18 October 2010 - 03:24 AM

Hi Gringo,

Yes, I still need help!

I haven't been in the office to get access to the required Vista system file from my work PC - but am here now, will download it today and install it this evening as per your instructions.

Cheers,

Greig

Edited by TR5, 18 October 2010 - 03:26 AM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 18 October 2010 - 03:33 AM

thumbup2.gif

#14 TR5

TR5
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:09 AM

Posted 18 October 2010 - 05:23 PM

Ok, so I copied the plasrv.exe file from my work PC and tried to copy it into the system32 folder on my infected laptop.

Despite being the administrator and only user of the computer, I get a message saying 'destination folder access denied - you need to provide administrator permission to copy to this folder'.

No matter how many times I click continue it just shows me another screen saying I don't have permission to paste the file??!! (see attached screen shot)

Confusing...

Greig

Attached Files



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 18 October 2010 - 05:42 PM

Hello

Don't put it in the System32 folder; put it on the C:\ drive and I will move it.

After you have put it on the C: drive, run this for me:


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
plasrv.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
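As an added example (not the helper's code, and not part of OTL or SystemLook), the Python script below does offline what the two tool steps in this thread ask for: it lists every copy of plasrv.exe under a drive root the way the :filefind step does, hashes each copy the way the /md5start step does, and flags any copy whose digest differs from the clean reference copy placed at the drive root. The sample drive tree, its paths and the file contents are constructed for the demonstration.

```python
# Added example (not from the thread, OTL or SystemLook): find every copy of a
# file name under a drive root, hash each one and flag copies whose digest
# differs from a known-clean reference copy placed at the root.
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path, algo="md5"):
    # Stream the file through a hash; md5 mirrors OTL's /md5start step.
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def find_copies(root, name):
    # Case-insensitive walk for every file called `name` (assumed :filefind-like).
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [Path(dirpath) / fn for fn in files if fn.lower() == name.lower()]
    return sorted(hits)

def compare_to_reference(root, name, reference):
    # One row per copy (reference itself excluded): size, digest, match flag.
    ref_md5 = file_digest(reference)
    ref = Path(reference).resolve()
    report = []
    for p in find_copies(root, name):
        if p.resolve() == ref:
            continue
        d = file_digest(p)
        report.append({"path": str(p), "size": p.stat().st_size,
                       "md5": d, "matches_reference": d == ref_md5})
    return report

def build_sample_tree():
    # Constructed sample drive: clean copy at the root, identical copy in
    # System32, and a modified copy sitting in a Temp folder.
    root = Path(tempfile.mkdtemp(prefix="drive_c_"))
    clean = b"MZ" + b"\x00" * 62 + b"constructed stand-in for a clean plasrv.exe"
    (root / "plasrv.exe").write_bytes(clean)
    sys32 = root / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "plasrv.exe").write_bytes(clean)
    temp = root / "Users" / "Greig" / "AppData" / "Local" / "Temp"
    temp.mkdir(parents=True)
    (temp / "PLASRV.EXE").write_bytes(clean + b"\x90" * 16)  # tampered copy
    return root

if __name__ == "__main__":
    drive = build_sample_tree()
    for row in compare_to_reference(drive, "plasrv.exe", drive / "plasrv.exe"):
        print(row)
```

On a real system the root would be the drive and the reference the clean copy fetched from the other machine; a copy that fails the match is the one worth looking at, and sha256 is the better choice where collision resistance matters.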



