
ROOTKIT INFECTION!!!!!!!!!??


34 replies to this topic

#1 InadequateInfirmity


Posted 09 June 2011 - 09:38 PM

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
Run by 123 at 22:13:15 on 2011-06-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.618 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mLocal Page =
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE123A98-E77B-47E1-ACFD-6C0206CD33CF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E26F3336-9FEB-401D-836B-AA4718CA82D6} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\123\application data\mozilla\firefox\profiles\mjls2217.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-7 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-7 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-7 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-7 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-20 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-5-20 88176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-20 22712]
S3 0075141305934204mcinstcleanup;McAfee Application Installer Cleanup (0075141305934204);c:\docume~1\123\locals~1\temp\007514~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\123\locals~1\temp\007514~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 BlackBox;BlackBox SR2; [x]
S3 rk_remover-boot;rk_remover-boot;\??\c:\windows\system32\drivers\rk_remover.sys --> c:\windows\system32\drivers\rk_remover.sys [?]
.
=============== Created Last 30 ================
.
2011-06-10 00:13:06 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-10 00:13:06 -------- d-----w- c:\documents and settings\123\application data\SUPERAntiSpyware.com
2011-06-10 00:12:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-09 02:25:11 -------- d-----w- c:\documents and settings\123\local settings\application data\Identities
2011-06-09 01:47:57 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-09 01:47:26 -------- d-----w- c:\windows\system32\LogFiles
2011-06-09 01:46:39 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2011-06-07 10:28:28 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-07 10:28:11 40112 ----a-w- c:\windows\avastSS.scr
2011-06-06 03:33:38 -------- d-----w- C:\_OTL
2011-06-05 04:36:46 388096 ----a-r- c:\documents and settings\123\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-04 23:41:31 159744 ----a-w- c:\windows\system32\igfxres.dll
2011-06-03 03:56:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-03 03:56:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-03 03:14:26 -------- d-sha-r- C:\cmdcons
2011-06-03 03:02:59 45056 -c--a-w- c:\windows\system32\dllcache\ssinc51.dll
2011-06-03 03:01:57 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-06-03 03:00:59 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe
2011-06-03 02:59:56 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2011-06-03 02:58:59 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2011-06-03 02:50:54 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-06-03 02:50:54 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-06-03 01:34:18 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-06-03 01:34:18 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-06-03 01:34:18 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-06-03 01:34:18 13312 ----a-w- c:\windows\system32\irclass.dll
2011-05-28 23:41:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-28 23:41:40 -------- d-----w- c:\program files\LSoft Technologies
2011-05-28 14:08:23 -------- d-----w- c:\windows\system32\appmgmt
2011-05-24 23:11:16 -------- d-----w- c:\windows\pss
2011-05-24 19:30:51 6857 ----a-w- c:\windows\system32\drivers\UIUSYS.SYS
2011-05-22 09:24:01 4122368 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2011-05-21 00:47:59 518144 ----a-w- c:\windows\SWREG.exe
2011-05-20 23:30:59 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-05-20 23:30:59 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-05-20 23:30:59 -------- d-----w- c:\program files\SpywareBlaster
2011-05-20 23:30:04 -------- d-----w- c:\program files\common files\McAfee
2011-05-20 23:29:56 -------- d-----w- c:\program files\McAfee
2011-05-20 23:27:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 23:13:16 -------- d-----w- c:\program files\Broadcom
2011-05-20 22:57:14 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-05-20 22:49:14 -------- d-----w- c:\windows\internet
2011-05-20 20:56:52 -------- d-----w- c:\documents and settings\123\application data\Auslogics
2011-05-20 20:55:43 -------- d-----w- c:\program files\CONEXANT
2011-05-20 20:55:18 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2011-05-20 20:55:18 705408 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2011-05-20 20:55:18 42858 ----a-w- c:\windows\system32\hsfci014.dll
2011-05-20 20:55:18 208384 ----a-w- c:\windows\system32\drivers\HSFHWICH.sys
2011-05-20 20:55:18 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2011-05-20 20:55:18 1033728 ----a-w- c:\windows\system32\drivers\HSF_DPV.SYS
2011-05-20 20:43:35 28672 ----a-w- c:\windows\cttib1.dll
2011-05-20 20:43:28 -------- d-----w- c:\windows\tiinst
2011-05-20 20:16:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-20 20:16:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-20 20:05:02 -------- d-----w- c:\program files\C-Media
2011-05-20 19:55:58 -------- d-----w- c:\program files\UIU
2011-05-20 19:40:10 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-05-20 19:40:01 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-05-20 19:35:59 -------- d-----w- c:\documents and settings\123\local settings\application data\Mozilla
2011-05-20 19:30:58 -------- d-----w- c:\program files\Auslogics
2011-05-20 19:29:31 -------- d-----w- c:\documents and settings\123\application data\Malwarebytes
2011-05-20 19:29:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 19:29:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-20 19:29:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 19:29:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 19:22:44 -------- d-----w- c:\program files\AVAST Software
2011-05-20 19:22:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-05-20 19:21:21 -------- d-----w- c:\program files\CCleaner
2011-05-20 19:14:11 -------- d-s---w- c:\documents and settings\123\UserData
2011-05-20 19:02:14 156160 ----a-w- c:\windows\system32\drivers\b57xp32.sys
.
==================== Find3M ====================
.
.
============= FINISH: 22:14:21.92 ===============


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-09 22:26:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BEVE-22UYT0 rev.01.04A01
Running: gmer.exe; Driver: C:\DOCUME~1\123\LOCALS~1\Temp\uxqcikoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAAC98202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAACFECB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAACBC6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAAC9A81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAAC9A874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAAC9A98A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAACBC075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAAC9A772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAAC9A8C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAAC9A7C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAAC9A938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAAC98226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAACBCD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAACBD03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAAC9AC0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAACBCBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAACBCA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAACFED62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAAC97FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAAC9824A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAAC9AD82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAAC98CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAAC9A84C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAAC9A89C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAAC9A9B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAACBC3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAAC9A79E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAAC9AA46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAAC9A904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAAC9A7F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAAC9AB2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAAC9A962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAACFEDFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAACBC8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAAC98BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAACBC72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAAD07E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAACBB6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAAC9826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAAC98292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAAC9804A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAAC98186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAACBCE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAAC98162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAAC981AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAAC982B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2694 80501EBC 4 Bytes CALL C0FAEA77
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B7C0 4 Bytes CALL AAC99335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP AAC9BCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP AAC9BBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP AAC9AE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP AAC9AF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP AAC9BE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP AAC9BB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP AAC9C040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP AAC9AFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP AAC9AE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP AAC9BF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP AAC9BD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP AAC9BC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP AAC9B32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP AAC9B1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP AAC9B352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP AAC9B06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP AAC9ADB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP AAC9B0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP AAC9B114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP AAC9AF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP AAC9B034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP AAC9B46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP AAC9BEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\123\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\SCardSvr.exe[164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\SCardSvr.exe[164] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\SCardSvr.exe[164] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\SCardSvr.exe[164] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\SCardSvr.exe[164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\SCardSvr.exe[164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\SCardSvr.exe[164] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\SCardSvr.exe[164] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\SCardSvr.exe[164] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\SCardSvr.exe[164] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\alg.exe[428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[428] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\rundll32.exe[452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[452] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\csrss.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1236] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\bcmwltry.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\bcmwltry.exe[1308] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\bcmwltry.exe[1308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\System32\bcmwltry.exe[1308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\System32\bcmwltry.exe[1308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\WINDOWS\System32\bcmwltry.exe[1308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\System32\bcmwltry.exe[1308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 006F1014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 006F0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 006F0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 006F0C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 006F0E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 006F01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 006F03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 006F0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00700804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00700A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00700600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007001F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007003FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2084] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 007D1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 007D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 007D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 007D0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 007D0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 007D01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 007D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 007D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007E0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 007E0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007E0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007E01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007E03FC
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003E1014
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003E0804
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003E0C0C
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003E0E10
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003E0600
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\123\Desktop\gmer.exe[4028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 6/9/2011 10:28:25 PM - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\123\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 538.04 Mb Available Physical Memory | 52.99% Memory free
3.87 Gb Paging File | 3.53 Gb Available in Paging File | 91.25% Paging File free
Paging file location(s): c:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 60.00 Gb Free Space | 80.51% Space Free | Partition Type: NTFS

Computer Name: MDD-82F7E95CB40 | User Name: 123 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 22:22:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\123\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 22:22:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\123\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/14 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (0075141305934204mcinstcleanup) McAfee Application Installer Cleanup (0075141305934204)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/28 19:41:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/09 20:59:14 | 000,585,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/02 15:01:02 | 000,006,857 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/26 17:32:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/07 06:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 15:11:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/07 03:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\123\Application Data\Mozilla\Extensions
File not found (No name found) --
[2011/06/07 06:28:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/02 23:56:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/26 17:32:19 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/21 19:58:18 | 000,001,949 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/09 21:31:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/20 14:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 22:22:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\123\Desktop\OTL.exe
[2011/06/09 22:13:09 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\123\Desktop\dds.scr
[2011/06/09 22:10:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\123\Recent
[2011/06/09 21:53:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/09 21:13:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/09 20:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/09 20:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\SUPERAntiSpyware.com
[2011/06/09 20:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/09 20:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/08 22:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Local Settings\Application Data\Identities
[2011/06/08 21:47:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/08 21:46:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2011/06/07 06:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/07 06:28:31 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/07 06:28:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/07 06:28:29 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/07 06:28:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/07 06:28:28 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/07 06:28:28 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/07 06:28:28 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/07 06:28:27 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/07 06:28:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/07 06:28:11 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/05 23:33:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 22:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Desktop\New Folder
[2011/06/02 23:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/06/02 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/02 23:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/02 23:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/02 23:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Sun
[2011/06/02 23:14:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/02 23:12:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\My Documents\My Videos
[2011/06/02 23:12:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\Start Menu\Programs\Administrative Tools
[2011/06/02 23:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/28 19:41:59 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2011/05/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2011/05/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
[2011/05/28 10:08:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/05/24 19:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/22 05:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/22 05:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2011/05/20 20:47:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/20 20:47:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/20 20:47:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/20 20:47:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/20 19:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/20 19:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/05/20 19:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/20 19:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/05/20 19:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/05/20 19:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/05/20 19:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Macromedia
[2011/05/20 19:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Adobe
[2011/05/20 19:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/05/20 19:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless
[2011/05/20 18:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/05/20 18:49:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\internet
[2011/05/20 16:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Auslogics
[2011/05/20 16:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/05/20 16:43:35 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\cttib1.dll
[2011/05/20 16:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2011/05/20 16:16:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/20 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media
[2011/05/20 15:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\UIU
[2011/05/20 15:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\My Documents\Downloads
[2011/05/20 15:43:10 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2011/05/20 15:43:09 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2011/05/20 15:43:08 | 002,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2011/05/20 15:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/05/20 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2011/05/20 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Local Settings\Application Data\Mozilla
[2011/05/20 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Mozilla
[2011/05/20 15:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/05/20 15:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/05/20 15:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Malwarebytes
[2011/05/20 15:29:26 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/20 15:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 15:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/20 15:29:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 15:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/20 15:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/20 15:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/20 15:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/20 15:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/20 15:14:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\123\UserData
[2011/05/20 15:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/20 15:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/20 15:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/20 15:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/05/20 15:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/20 14:42:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/20 14:37:27 | 000,000,000 | ---D | C] -- C:\Dell
[2011/05/20 14:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK Gigabit Ethenet NIC Driver
[2011/05/20 14:35:01 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/20 14:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2011/05/20 14:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/20 14:33:20 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2011/05/20 14:32:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/05/20 14:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\My Documents\My Pictures
[2011/05/20 14:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\My Documents\My Music
[2011/05/20 14:32:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\123\Application Data\Microsoft
[2011/05/20 14:32:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\123\Cookies
[2011/05/20 14:32:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\123\SendTo
[2011/05/20 14:32:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\123\Application Data
[2011/05/20 14:32:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\Start Menu\Programs\Startup
[2011/05/20 14:32:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\Start Menu
[2011/05/20 14:32:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\My Documents
[2011/05/20 14:32:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\Favorites
[2011/05/20 14:32:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\123\Start Menu\Programs\Accessories
[2011/05/20 14:32:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\123\Templates
[2011/05/20 14:32:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\123\PrintHood
[2011/05/20 14:32:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\123\NetHood
[2011/05/20 14:32:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\123\Local Settings
[2011/05/20 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Local Settings\Application Data\Microsoft
[2011/05/20 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Application Data\Identities
[2011/05/20 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\123\Desktop
[2011/05/20 14:31:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/20 14:31:16 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/05/20 14:31:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/05/20 14:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/05/20 14:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/05/20 14:30:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/05/20 14:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/05/20 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/05/20 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/05/20 14:24:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/05/20 14:24:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/05/20 14:24:09 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/05/20 14:23:51 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/05/20 14:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/05/20 14:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/05/20 14:23:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/05/20 14:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/05/20 14:22:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/05/20 14:22:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/05/20 14:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/05/20 14:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/05/20 14:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/05/20 14:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/05/20 14:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/05/20 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/05/20 14:21:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/05/20 14:21:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/20 14:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/05/20 14:20:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/20 14:20:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/05/20 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/05/20 14:20:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/05/20 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/05/20 14:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/05/20 14:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/05/20 14:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/05/20 14:19:50 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/05/20 14:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/05/20 14:19:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/20 14:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/05/20 14:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/05/20 14:19:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/05/20 14:18:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/20 10:15:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/05/20 10:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/20 10:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/05/20 10:14:54 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/05/20 10:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/05/20 10:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/05/20 10:14:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/20 10:14:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/20 10:14:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/05/20 10:14:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/05/20 10:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/05/20 10:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/05/20 10:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/20 10:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/05/20 10:13:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/20 10:13:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/05/20 10:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/05/20 10:13:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/20 09:54:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/05/20 09:54:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/05/20 09:54:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/05/20 09:54:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/05/20 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2011/06/09 22:22:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\123\Desktop\OTL.exe
[2011/06/09 22:19:28 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\123\Desktop\gmer.zip
[2011/06/09 22:13:10 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\123\Desktop\dds.scr
[2011/06/09 22:08:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 21:31:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/09 20:13:00 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/09 01:22:21 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2011/06/08 21:51:48 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/08 21:48:54 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\123\Desktop\Windows Media Player.lnk
[2011/06/08 21:48:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/08 21:48:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/08 21:47:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2011/06/08 21:46:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/07 06:28:32 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/07 06:28:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/02 23:14:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/02 23:09:26 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/02 23:09:26 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/02 23:04:55 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/02 23:04:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/02 22:54:18 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/02 22:48:27 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/02 22:45:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/02 22:03:14 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/06/02 20:23:27 | 000,002,904 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/05/31 20:52:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\123\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/22 15:46:06 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/20 19:31:00 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\123\Desktop\SpywareBlaster.lnk
[2011/05/20 15:30:59 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\123\Desktop\Auslogics Disk Defrag.lnk
[2011/05/20 15:21:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/20 15:11:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/20 15:11:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/20 14:32:27 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\123\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 14:32:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\123\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/20 14:31:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/20 14:25:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/20 14:25:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/20 14:25:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/20 14:25:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

========== Files Created - No Company Name ==========

[2011/06/09 22:19:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\123\Desktop\gmer.exe
[2011/06/09 22:18:05 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\123\Desktop\gmer.zip
[2011/06/09 20:13:00 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/09 19:04:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/08 21:47:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2011/06/08 19:22:44 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2011/06/07 06:28:32 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/04 19:11:57 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts1.bak
[2011/06/02 23:14:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/02 23:14:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/02 23:02:12 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/02 23:01:31 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/02 23:01:02 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/02 23:00:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/02 23:00:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/02 23:00:35 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/02 23:00:26 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/02 23:00:13 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/06/02 22:59:47 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/02 21:33:48 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/06/02 21:33:48 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/06/02 21:33:48 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/06/02 21:33:48 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/06/02 21:33:48 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/06/02 21:33:48 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/06/02 21:33:48 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/02 21:33:47 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/02 21:33:47 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/02 21:33:47 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/02 21:33:46 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/02 21:33:46 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/02 21:33:46 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/06/02 21:33:46 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/06/02 21:33:46 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/06/02 21:33:45 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/06/02 21:33:44 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/06/02 21:33:44 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/06/02 20:23:25 | 000,002,904 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2011/05/31 20:22:59 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\123\Desktop\Windows Media Player.lnk
[2011/05/22 15:46:05 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/05/22 05:23:32 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2011/05/22 05:23:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/05/20 20:47:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/20 19:31:00 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\123\Desktop\SpywareBlaster.lnk
[2011/05/20 16:55:18 | 000,129,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\del1028.cty
[2011/05/20 16:43:35 | 000,017,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiscfw.deb
[2011/05/20 16:34:10 | 000,065,335 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2011/05/20 16:34:10 | 000,062,266 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2011/05/20 16:34:10 | 000,062,231 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2011/05/20 16:34:10 | 000,061,667 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2011/05/20 16:34:10 | 000,061,599 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2011/05/20 16:34:10 | 000,061,138 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2011/05/20 16:34:10 | 000,060,045 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2011/05/20 16:34:10 | 000,059,323 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2011/05/20 16:34:10 | 000,058,746 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2011/05/20 16:34:10 | 000,057,958 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2011/05/20 16:34:10 | 000,057,151 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2011/05/20 16:05:02 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2011/05/20 15:43:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/05/20 15:43:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/05/20 15:43:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/05/20 15:39:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/05/20 15:30:59 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\123\Desktop\Auslogics Disk Defrag.lnk
[2011/05/20 15:29:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 15:21:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/20 15:11:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/20 15:11:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/20 15:11:30 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/20 14:32:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\123\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/20 14:32:16 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\123\Start Menu\Programs\Outlook Express.lnk
[2011/05/20 14:32:12 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\123\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 14:32:12 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\123\Start Menu\Programs\Internet Explorer.lnk
[2011/05/20 14:32:03 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\123\Start Menu\Programs\Remote Assistance.lnk
[2011/05/20 14:32:03 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\123\Start Menu\Programs\Windows Media Player.lnk
[2011/05/20 14:31:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/20 14:30:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 14:25:50 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/20 14:25:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/20 14:25:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/20 14:25:49 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/05/20 14:25:49 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/05/20 14:25:38 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/20 14:25:38 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/20 14:25:36 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/20 14:23:50 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/20 14:23:33 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/05/20 14:23:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/05/20 14:23:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/05/20 14:23:06 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/05/20 14:22:18 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/05/20 14:21:21 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/20 14:21:19 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/20 14:20:50 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/05/20 14:20:14 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/05/20 14:20:13 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/05/20 14:20:12 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/05/20 14:20:06 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/05/20 10:15:07 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/05/20 10:14:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/20 10:14:56 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/05/20 10:14:56 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/05/20 10:14:55 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/05/20 10:14:55 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/05/20 10:14:37 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/05/20 10:14:20 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/05/20 10:13:29 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/20 10:12:47 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2011/05/20 10:12:43 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2001/08/23 12:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 12:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/20 16:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\123\Application Data\Auslogics
[2011/06/07 06:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/08 22:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/09 01:22:21 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job

========== Purity Check ==========



< End of report >




Rootkit.zero Access ??????????????????????????????

Edited by InadequateInfirmity, 09 June 2011 - 09:40 PM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:18 AM

Posted 10 June 2011 - 02:54 PM

Hello InadequateInfirmity,

Can you please tell me what you saw that makes you say ZeroAccess? Also, is there anything else you've done to this point....any other tools you might have run? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 InadequateInfirmity


Posted 10 June 2011 - 06:08 PM

I know I'm not supposed to run ComboFix unsupervised, but I did and received this message...
You are infected with Rootkit.zero Access!It has inserted itself into
the tcp/ip stack.This is a particularly difficult infection.


If for any reason that youre unable to connect to the internet after
running combofix,reboot once see if that fixes it.

If its not fixed,run Combofix one more time.

I have run Kaspersky Virus Removal Tool with no luck. ESET Online Scanner doesn't detect anything. I have Malwarebytes Pro, also no luck. I'm usually pretty good about keeping my computer up to date and virus free; this one has me stumped.

Here is the ComboFix log:

ComboFix 11-06-09.04 - 123 06/09/2011 20:00:08.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.765 [GMT -4:00]
Running from: c:\documents and settings\123\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-06 03:33 . 2011-06-06 03:33 -------- d-----w- C:\_OTL
2011-06-05 11:08 . 2011-06-05 11:13 -------- d-----w- C:\VBARESCUE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-05-20 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-06-09_23.17.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-09 23:58 . 2011-06-09 23:58 16384 c:\windows\temp\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-04-25 2253112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 22:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 19:27 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 19:31 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-05-29 13:11 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/7/2011 6:28 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/7/2011 6:28 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/7/2011 6:28 AM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/20/2011 3:29 PM 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [5/20/2011 7:29 PM 88176]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/20/2011 4:43 PM 88192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/20/2011 3:29 PM 22712]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/28/2011 7:41 PM 691696]
S3 0075141305934204mcinstcleanup;McAfee Application Installer Cleanup (0075141305934204);c:\docume~1\123\LOCALS~1\Temp\007514~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\123\LOCALS~1\Temp\007514~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 B2FEC8DC;B2FEC8DC;c:\windows\system32\B2FEC8DC.exe --> c:\windows\system32\B2FEC8DC.exe [?]
S3 BlackBox;BlackBox SR2; [x]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [6/7/2011 4:19 AM 53248]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-09 c:\windows\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2011-05-20 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\123\Application Data\Mozilla\Firefox\Profiles\mjls2217.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-06-09 20:09:10
ComboFix-quarantined-files.txt 2011-06-10 00:09
ComboFix2.txt 2011-06-09 23:40
ComboFix3.txt 2011-06-09 23:20
ComboFix4.txt 2011-06-06 04:16
.
Pre-Run: 62,425,591,808 bytes free
Post-Run: 62,421,237,760 bytes free
.
- - End Of File - - E863098FE161ECEAA060C9627C1004D8

Edited by InadequateInfirmity, 10 June 2011 - 06:09 PM.


#4 teacup61


Posted 10 June 2011 - 06:23 PM

Hi there,

Well, we can do some checking all right.....but my guess right now is that you're going to receive that message, even if there is no infection left/present.


Please visit the online Jotti Virus Scanner <--link
  • Copy and paste the following filepath in the box:

    c:\windows\system32\B2FEC8DC.exe
  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Did you delete these?

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\ctfmon.exe ... is missing !!

Thanks,
tea

#5 InadequateInfirmity


Posted 10 June 2011 - 06:37 PM

Your link is not working, and yes, I deleted those files; I don't need them.

#6 teacup61


Posted 10 June 2011 - 06:40 PM

Whoops! Sorry about that. http://virusscan.jotti.org/

#7 InadequateInfirmity


Posted 10 June 2011 - 06:43 PM

Can't copy and paste. Any other methods????

#8 InadequateInfirmity


Posted 10 June 2011 - 06:46 PM

c:\windows\system32\B2FEC8DC.exe


Can't paste

#9 teacup61


Posted 10 June 2011 - 06:46 PM

You can type in the path. :)

#10 InadequateInfirmity


Posted 10 June 2011 - 06:51 PM

If I left click, it brings up my desktop.

Why would ComboFix say I have an infection if I don't?????

#11 InadequateInfirmity


Posted 10 June 2011 - 06:53 PM

Should I use OTM or OTL or write a script file with ComboFix to delete this file? Or is it a file I need??

#12 InadequateInfirmity


Posted 10 June 2011 - 06:57 PM

Trust me, I did what you said to do and it's not working. What else can I do???

Do you need a fresh OTL log??

#13 teacup61


Posted 10 June 2011 - 07:02 PM

Ugh....no...no OTL anything. <_<

Did you get the file scanned? That does not require copy and paste, so I'm assuming you did. When did copy and paste stop working?

#14 InadequateInfirmity


Posted 10 June 2011 - 07:03 PM

Copy and paste works fine, just not for the link you provided.

#15 InadequateInfirmity


Posted 10 June 2011 - 07:05 PM

If I Right Click In The File To Scan Window Nothing Happens



