Programs slow to load and No internet conect


This topic is locked
15 replies to this topic

#1 pattrick

  • Members
  • 30 posts

Posted 19 June 2011 - 02:28 PM

I need some help. Had some problems, ran SUPERAntiSpyware, MBAM, and Spybot, cleaned 2 viruses, a Trojan.agent/gen-1explorer and Gen-PEC virus.
Programs are slow to load and won't connect to the internet. The connection is up and good. Tried safe mode, defogged, rkill and ran scans.
They came up clean. McAfee won't load, just a blank white page.
I ran the logs as requested, appreciate any help.
Pattrick

DDS (Ver_10-12-12.02) - NTFSx86
Run by Flutterby at 13:23:29.95 on Sun 06/19/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3325.1848 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mediafour\XPlay 3\XPlay.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Users\Flutterby\Desktop\Repairs\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Mediafour XPlay Explorer notifications: {4907c0ad-874d-44d9-b13e-7b0a4d8b9d3e} - c:\program files\mediafour\xplay 3\XPBHO.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110610073640.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] "c:\program files\mediafour\xplay 3\XPlay.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: isqft.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\flutte~1\appdata\roaming\mozilla\firefox\profiles\6x23ridh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\flutterby\appdata\roaming\mozilla\firefox\profiles\6x23ridh.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\flutterby\appdata\roaming\mozilla\plugins\npatgpc.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-9-28 259176]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-12 459728]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-7-13 20392]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-5-13 64648]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-7-13 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-7-13 724152]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2009-12-28 224256]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-13 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-12 214904]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-12 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-12 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-12 148520]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-9-15 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-11 809296]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-2-27 185640]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-12 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-12 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-12 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-12 337912]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-15 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-12 85984]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-06-19 13:55:32 -------- d-----w- c:\program files\ESET
2011-06-14 11:31:12 -------- d--h--w- c:\windows\PIF
2011-06-10 12:36:40 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-05-24 01:53:04 -------- d-----w- c:\program files\Windows Portable Devices
2011-05-24 00:55:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-05-24 00:55:22 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-24 00:55:22 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-24 00:53:00 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-05-24 00:53:00 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-05-24 00:52:59 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-05-24 00:50:22 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-24 00:50:22 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-24 00:50:22 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-24 00:50:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-24 00:50:22 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-24 00:50:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-24 00:50:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-24 00:50:22 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-24 00:50:22 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-24 00:50:21 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-05-24 00:50:21 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-24 00:50:21 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-05-24 00:42:42 231424 ----a-w- c:\windows\system32\msshsq.dll

==================== Find3M ====================

2011-05-17 10:39:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 13:24:46.36 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-06-19 14:01:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDP725025GLA380 rev.GM2OA5BA
Running: gmer.exe; Driver: C:\Users\FLUTTE~1\AppData\Local\Temp\fwliruoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8FD33FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8FD34A56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwCreateThread [0x8FD6CE20]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwDeleteFile [0x8FD6BE7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8FD3827C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8FD382AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8FD38410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8FD34B2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8FD34104]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8FD342F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8FD34428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8FD38386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8FD382F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8FD38322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8FD38354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8FD33F66]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwSetInformationFile [0x8FD6BEF0]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwSetValueKey [0x8FD6CCFC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8FD33F02]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FCD9620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8FD33E9E]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwCreateThreadEx [0x8FD6CEBE]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82C44D48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82C44D5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82C44D34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E5F982 5 Bytes JMP 82C44D38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetEvent + 191 81EE0914 4 Bytes [C0, 3F, D3, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 81EE095C 4 Bytes [56, 4A, D3, 8F]
.text ntkrnlpa.exe!KeSetEvent + 221 81EE09A4 4 Bytes [20, CE, D6, 8F]
.text ntkrnlpa.exe!KeSetEvent + 2D1 81EE0A54 8 Bytes [7C, BE, D6, 8F, 7C, 82, D3, ...]
.text ntkrnlpa.exe!KeSetEvent + 2E1 81EE0A64 4 Bytes [AE, 82, D3, 8F] {SCASB ; ADC BL, -0x71}
.text ...
PAGE ntkrnlpa.exe!FsRtlCancellableWaitForMultipleObjects + 2AE 82012355 7 Bytes JMP 8BBEEA10
PAGE ntkrnlpa.exe!NtMapViewOfSection 8204482A 7 Bytes JMP 82C44D4C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82044AED 5 Bytes JMP 82C44D62 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\FLUTTE~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[688] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[688] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00080011
.text C:\Windows\system32\svchost.exe[688] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00080FDB
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 00010F39
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 00010F54
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 000100D0
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 000100BF
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00010F80
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 00010F65
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00010F9B
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00010058
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 00010075
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 000100E1
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 0001009A
.text C:\Windows\system32\svchost.exe[688] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 000A0F9A
.text C:\Windows\system32\svchost.exe[688] msvcrt.dll!system 7773804B 5 Bytes JMP 000A0025
.text C:\Windows\system32\svchost.exe[688] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 000A0000
.text C:\Windows\system32\svchost.exe[688] msvcrt.dll!_open 7773D106 5 Bytes JMP 000A0FE3
.text C:\Windows\system32\svchost.exe[688] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 000A0FAB
.text C:\Windows\system32\svchost.exe[688] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 000A0FC6
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 000B0073
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 000B0062
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 000B000A
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 000B0FDB
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 000B0FAC
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 000B002C
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 000B001B
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 000B003D
.text C:\Windows\system32\svchost.exe[688] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\services.exe[744] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\services.exe[744] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 000F0014
.text C:\Windows\system32\services.exe[744] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 000F0FDE
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 000E003B
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 000E0EF5
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 000E0ED3
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 000E0EE4
.text C:\Windows\system32\services.exe[744] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 000E0F32
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 000E0FB9
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 000E0FA8
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 000E0F10
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 000E0F4D
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 000E000A
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 000E0F68
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 000E0F8D
.text C:\Windows\system32\services.exe[744] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 000E0F21
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 000E0EAE
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 000E0FD4
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 000E0FE5
.text C:\Windows\system32\services.exe[744] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 000E0060
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00220047
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00220FAF
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00220FE5
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 00220036
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00220058
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00220FC0
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00220000
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 0022001B
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00230FBE
.text C:\Windows\system32\services.exe[744] msvcrt.dll!system 7773804B 5 Bytes JMP 00230049
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 0023001D
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_open 7773D106 5 Bytes JMP 00230FEF
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00230038
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 0023000C
.text C:\Windows\system32\services.exe[744] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 0021000A
.text C:\Windows\system32\lsass.exe[768] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00200000
.text C:\Windows\system32\lsass.exe[768] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00200022
.text C:\Windows\system32\lsass.exe[768] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00200011
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 001F0093
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 001F0082
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 001F0F17
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 001F00A4
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 001F0F72
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 001F0FA8
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 001F0067
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 001F0040
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 001F0025
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 001F0F83
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 001F0014
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 001F0F61
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 001F0F06
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 001F0FD4
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 001F0FE5
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 001F0F32
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00230FB9
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00230051
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00230000
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 00230FCA
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00230FA8
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00230036
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 0023001B
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 00230FE5
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00240038
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!system 7773804B 5 Bytes JMP 00240FAD
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00240FC8
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_open 7773D106 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 0024001D
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 0024000C
.text C:\Windows\system32\lsass.exe[768] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 008D0014
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 008D0FDE
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 00880F80
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 008800C6
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 00880F5B
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 008800F2
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00880FB9
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 0088002C
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00880FE5
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 008800B5
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00880093
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 0088005B
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00880076
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00880FCA
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 008800A4
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 00880103
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 0088001B
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 008800E1
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00900FD4
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!system 7773804B 5 Bytes JMP 0090005F
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00900029
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_open 7773D106 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00900044
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00900FEF
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 008F0F83
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 008F0F9E
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 008F0F72
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 008F0FCA
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 008F0FAF
.text C:\Windows\system32\svchost.exe[1040] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 008E0FEF
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 01A90FEF
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 01A9000A
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 01A90FD4
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 01A80082
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 01A80F46
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 01A8009D
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 01A80F10
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 01A80F68
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 01A80FD4
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 01A80FB9
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 01A80071
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 77479109 3 Bytes JMP 01A80F83
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW + 4 7747910D 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 01A80040
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 01A80F94
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 01A80025
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 01A80F57
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 01A800AE
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 01A80014
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 01A80FEF
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 01A80F21
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 01C00FA1
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!system 7773804B 5 Bytes JMP 01C0002C
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 01C00FBC
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_open 7773D106 5 Bytes JMP 01C00FEF
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 01C0001B
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 01C00000
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 01A70047
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 01A70FCA
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 01A7000A
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 01A70FAF
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 01A70062
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 01A7001B
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 01A70FE5
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 01A70036
.text C:\Windows\system32\svchost.exe[1052] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 01AE0000
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 0068000A
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 0068002F
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00680FEF
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 001E00A4
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 001E0F68
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 001E00E1
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 001E00D0
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 001E0F94
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 001E0FB9
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 001E0093
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 001E006E
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 001E0040
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 001E0051
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 001E002F
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 001E0F83
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 001E0F39
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 001E0000
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 001E00BF
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00770FB9
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!system 7773804B 5 Bytes JMP 00770FCA
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00770029
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_open 7773D106 5 Bytes JMP 00770000
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00770044
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00770FEF
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 006A005B
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 006A0040
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 006A0FB9
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 006A0FA8
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 006A000A
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 006A0025
.text C:\Windows\system32\svchost.exe[1132] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00690000
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1280] ntdll.dll!KiUserApcDispatcher 77595B48 5 Bytes JMP 00414130 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1280] kernel32.dll!LoadLibraryExW + 248 77479351 4 Bytes [0A, 00, AA, 71]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1280] WS2_32.dll!getaddrinfo 75EE418A 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1280] WS2_32.dll!gethostbyname 75EF62D4 5 Bytes JMP 71AD0022
.text C:\Windows\System32\svchost.exe[1456] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00DF0FEF
.text C:\Windows\System32\svchost.exe[1456] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00DF001E
.text C:\Windows\System32\svchost.exe[1456] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00DF0FDE
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 00DD005B
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 00DD0F15
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 00DD0EC4
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 00DD0EDF
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00DD0F5C
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00DD0FD4
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00DD0FC3
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 00DD0F26
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00DD0F6D
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00DD0036
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00DD0F94
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00DD0025
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 00DD0F41
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 00DD0076
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 00DD000A
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 00DD0FEF
.text C:\Windows\System32\svchost.exe[1456] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 00DD0EFA
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!_wsystem 77737F2F 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00220033
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!system 7773804B 5 Bytes JMP 00220FA8
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00220022
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!_open 7773D106 5 Bytes JMP 00220FEF
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00220FC3
.text C:\Windows\System32\svchost.exe[1456] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00220FDE
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00200062
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00200036
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00200FEF
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 00200047
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00200FA5
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00200FCA
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00200000
.text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 0020001B
.text C:\Windows\System32\svchost.exe[1456] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 001D0FEF
.text C:\Windows\System32\svchost.exe[1484] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 010C0000
.text C:\Windows\System32\svchost.exe[1484] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 010C002C
.text C:\Windows\System32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 010C0011
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 010B00C7
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 010B00AC
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 010B00F3
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 010B00E2
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 010B0065
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 010B002F
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 010B0FDE
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 010B009B
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 010B0054
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 010B0FBC
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 010B0FA1
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 010B0FCD
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 010B0080
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 010B0F41
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 010B0014
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 010B0FEF
.text C:\Windows\System32\svchost.exe[1484] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 010B0F66
.text C:\Windows\System32\svchost.exe[1484] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 015F0F9C
.text C:\Windows\System32\svchost.exe[1484] msvcrt.dll!system 7773804B 5 Bytes JMP 015F0FB7
.text C:\Windows\System32\svchost.exe[1484] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 015F0FD2
.text C:\Windows\System32\svchost.exe[1484] msvcrt.dll!_open 7773D106 5 Bytes JMP 015F0000
.text C:\Windows\System32\svchost.exe[1484] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 015F0027
.text C:\Windows\System32\svchost.exe[1484] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 015F0FE3
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 015A0F94
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 015A002F
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 015A0FEF
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 015A0040
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 015A0F83
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 015A0FC3
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 015A0FD4
.text C:\Windows\System32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 015A0014
.text C:\Windows\System32\svchost.exe[1484] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 01110000
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 01230FEF
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 01230FDE
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 01230014
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 011E0F4D
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 011E0F68
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 011E0EFC
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 011E0F21
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 011E0082
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 011E001B
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 011E0FD4
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 011E0F83
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 011E0F9E
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 011E0FB9
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 011E005B
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 011E0036
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 011E0093
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 011E00B8
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 011E0FEF
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 011E000A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 011E0F32
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 01310FC3
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!system 7773804B 5 Bytes JMP 0131004E
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 01310FDE
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_open 7773D106 5 Bytes JMP 0131000C
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 0131003D
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 01310FEF
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 011D0F9E
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 011D0FC3
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 011D0FE5
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 011D004A
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 011D0065
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 011D001B
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 011D000A
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 011D0FD4
.text C:\Windows\system32\svchost.exe[1500] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 01280000
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00850014
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00850FDE
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 0083008E
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 0083007D
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 008300B3
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 00830F26
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00830051
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00830FC3
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00830FA8
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 0083006C
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00830040
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 0083001E
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 0083002F
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00830F8D
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 00830F66
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 008300C4
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 00830FD4
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 00830FEF
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 00830F37
.text C:\Windows\system32\svchost.exe[1620] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00870FC1
.text C:\Windows\system32\svchost.exe[1620] msvcrt.dll!system 7773804B 5 Bytes JMP 00870FD2
.text C:\Windows\system32\svchost.exe[1620] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00870FE3
.text C:\Windows\system32\svchost.exe[1620] msvcrt.dll!_open 7773D106 5 Bytes JMP 0087000C
.text C:\Windows\system32\svchost.exe[1620] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00870042
.text C:\Windows\system32\svchost.exe[1620] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 0087001D
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00320F68
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00320F94
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00320FE5
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 00320F79
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00320F4D
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00320FCA
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00320000
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 00320FAF
.text C:\Windows\system32\svchost.exe[1620] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 0097001B
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 008C0F48
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 008C008E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 008C0F08
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 008C0F23
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 008C0062
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 008C001B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 008C0073
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 008C0051
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 008C0040
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 008C0F9E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 008C0FB9
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 008C0F6D
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 008C00BA
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 008C0FD4
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 008C00A9
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00DF0FA6
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!system 7773804B 5 Bytes JMP 00DF0FC1
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00DF0FD2
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_open 7773D106 5 Bytes JMP 00DF0000
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00DF0027
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00320054
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00320028
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 00320039
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00320F97
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00320FCD
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00320FDE
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 00320FB2
.text C:\Windows\system32\svchost.exe[1752] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00A40FEF
.text C:\Windows\system32\svchost.exe[1752] WinInet.dll!InternetOpenA 7610D690 5 Bytes JMP 00A50000
.text C:\Windows\system32\svchost.exe[1752] WinInet.dll!InternetOpenW 7610DB09 5 Bytes JMP 00A50FE5
.text C:\Windows\system32\svchost.exe[1752] WinInet.dll!InternetOpenUrlA 7610F3A4 5 Bytes JMP 00A5001B
.text C:\Windows\system32\svchost.exe[1752] WinInet.dll!InternetOpenUrlW 76156D5F 5 Bytes JMP 00A5002C
.text C:\Windows\system32\svchost.exe[1936] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 008A0FE5
.text C:\Windows\system32\svchost.exe[1936] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[1936] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 008900BD
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 008900AC
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 008900EC
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 00890F4B
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 0089006F
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00890014
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 0089002F
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 0089009B
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00890F95
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00890FB2
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 0089005E
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00890FC3
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 00890080
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 00890F3A
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 00890FDE
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 00890F5C
.text C:\Windows\system32\svchost.exe[1936] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00910FCD
.text C:\Windows\system32\svchost.exe[1936] msvcrt.dll!system 7773804B 5 Bytes JMP 0091004E
.text C:\Windows\system32\svchost.exe[1936] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00910018
.text C:\Windows\system32\svchost.exe[1936] msvcrt.dll!_open 7773D106 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[1936] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 0091003D
.text C:\Windows\system32\svchost.exe[1936] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00910FDE
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00880F8A
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00880FA5
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00880000
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 0088002C
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00880F79
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00880FDB
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00880011
.text C:\Windows\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 00880FCA
.text C:\Windows\system32\svchost.exe[1936] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 001C0F73
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 001C00B9
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 001C010A
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 001C00EF
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 001C007C
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 001C001B
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 001C002C
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 001C00A8
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 001C006B
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 001C0FAC
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 001C004E
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 001C003D
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 001C008D
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 001C0F58
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 001C00D4
.text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00220FA4
.text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!system 7773804B 5 Bytes JMP 00220025
.text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_open 7773D106 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00220FB5
.text C:\Windows\system32\svchost.exe[2580] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00220FD2
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 001B005B
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 001B0FC3
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 001B004A
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 001B0076
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 001B0FE5
.text C:\Windows\system32\svchost.exe[2580] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 001B0FD4
.text C:\Windows\system32\svchost.exe[2580] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00140FE5
.text C:\Windows\system32\svchost.exe[2636] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[2636] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00940FAF
.text C:\Windows\system32\svchost.exe[2636] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00940FD4
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 00930F6F
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 00930F80
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 009300E8
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 009300D7
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00930089
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00930FD4
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 009300AB
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00930078
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00930051
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00930FAF
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00930040
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 0093009A
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 009300F9
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 0093001B
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 0093000A
.text C:\Windows\system32\svchost.exe[2636] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 009300C6
.text C:\Windows\system32\svchost.exe[2636] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00950F97
.text C:\Windows\system32\svchost.exe[2636] msvcrt.dll!system 7773804B 5 Bytes JMP 0095002C
.text C:\Windows\system32\svchost.exe[2636] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00950FCD
.text C:\Windows\system32\svchost.exe[2636] msvcrt.dll!_open 7773D106 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[2636] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 00950FB2
.text C:\Windows\system32\svchost.exe[2636] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00950FDE
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 008E0062
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 008E0040
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 008E000A
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 008E0051
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 008E0FA5
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 008E0FD4
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 008E0FE5
.text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 008E0025
.text C:\Windows\system32\svchost.exe[2636] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 00270000
.text C:\Windows\System32\svchost.exe[2804] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 000B0000
.text C:\Windows\System32\svchost.exe[2804] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 000B0FCA
.text C:\Windows\System32\svchost.exe[2804] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 000B0FE5
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 000A0097
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 000A0086
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 000A0F1B
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessA 77451C28 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 000A0F2C
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 000A0064
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 000A001B
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 000A002C
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 000A0075
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 000A0F8A
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 000A003D
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 000A0FA5
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 000A0FB6
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 000A0F65
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 000A00D7
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 000A0FEF
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 000A00A8
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 000C0FAD
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!system 7773804B 5 Bytes JMP 000C0038
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 000C0FE3
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_open 7773D106 5 Bytes JMP 000C000C
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 000C0FC8
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 000C001D
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00090F8D
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00090FB9
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00090000
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 00090F9E
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00090040
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00090025
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00090FEF
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 00090FD4
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3400] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 6F1D9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3400] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 6F1D99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[3660] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00040000
.text C:\Windows\System32\svchost.exe[3660] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 0004002C
.text C:\Windows\System32\svchost.exe[3660] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 0004001B
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 000100AB
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 00010F65
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 00010F36
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 000100D7
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00010F8A
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00010040
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 00010090
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00010FA5
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00010062
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00010051
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 0001007F
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 00010F25
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 00010025
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 000100BC
.text C:\Windows\System32\svchost.exe[3660] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 00060F92
.text C:\Windows\System32\svchost.exe[3660] msvcrt.dll!system 7773804B 5 Bytes JMP 0006001D
.text C:\Windows\System32\svchost.exe[3660] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 00060FB7
.text C:\Windows\System32\svchost.exe[3660] msvcrt.dll!_open 7773D106 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3660] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 0006000C
.text C:\Windows\System32\svchost.exe[3660] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 00060FD2
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 00070065
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 00070FC3
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 0007004A
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 00070076
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 00070025
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 00070FD4
.text C:\Windows\Explorer.EXE[4184] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 0004000A
.text C:\Windows\Explorer.EXE[4184] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00040FDE
.text C:\Windows\Explorer.EXE[4184] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 000100EB
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 00010FA5
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 00010F54
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 00010F65
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 000100A4
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00010040
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 000100C6
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00010087
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00010076
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 0001005B
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 000100B5
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 00010106
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[4184] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 00010F80
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 000A004E
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 000A0FD1
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 000A0000
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 000A0FAC
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 000A0F87
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 000A002C
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 000A001B
.text C:\Windows\Explorer.EXE[4184] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 000A003D
.text C:\Windows\Explorer.EXE[4184] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 000B0042
.text C:\Windows\Explorer.EXE[4184] msvcrt.dll!system 7773804B 5 Bytes JMP 000B0FAD
.text C:\Windows\Explorer.EXE[4184] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 000B001D
.text C:\Windows\Explorer.EXE[4184] msvcrt.dll!_open 7773D106 5 Bytes JMP 000B0000
.text C:\Windows\Explorer.EXE[4184] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 000B0FC8
.text C:\Windows\Explorer.EXE[4184] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 000B0FE3
.text C:\Windows\Explorer.EXE[4184] WS2_32.dll!socket 75EE36D1 5 Bytes JMP 024F0FEF
.text C:\Windows\Explorer.EXE[4184] WININET.dll!InternetOpenA 7610D690 5 Bytes JMP 02CE0FEF
.text C:\Windows\Explorer.EXE[4184] WININET.dll!InternetOpenW 7610DB09 5 Bytes JMP 02CE0FCA
.text C:\Windows\Explorer.EXE[4184] WININET.dll!InternetOpenUrlA 7610F3A4 5 Bytes JMP 02CE0000
.text C:\Windows\Explorer.EXE[4184] WININET.dll!InternetOpenUrlW 76156D5F 5 Bytes JMP 02CE0011
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4796] ntdll.dll!KiUserApcDispatcher 77595B48 5 Bytes JMP 0043EA30 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4796] kernel32.dll!LoadLibraryExW + 248 77479351 4 Bytes [0A, 00, AC, 71]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4796] USER32.dll!InSendMessageEx + 3B1 76F3E6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4796] WS2_32.dll!getaddrinfo 75EE418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4796] WS2_32.dll!gethostbyname 75EF62D4 5 Bytes JMP 71A60022
.text C:\Windows\system32\wuauclt.exe[5160] ntdll.dll!NtCreateFile 77594224 5 Bytes JMP 00040FE5
.text C:\Windows\system32\wuauclt.exe[5160] ntdll.dll!NtCreateProcess 775942E4 5 Bytes JMP 00040FCA
.text C:\Windows\system32\wuauclt.exe[5160] ntdll.dll!NtProtectVirtualMemory 77594B84 5 Bytes JMP 00040000
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!GetStartupInfoW 77451929 5 Bytes JMP 00010F4B
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!GetStartupInfoA 774519C9 5 Bytes JMP 00010091
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreateProcessW 77451BF3 5 Bytes JMP 00010F0B
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreateProcessA 77451C28 5 Bytes JMP 00010F26
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!VirtualProtect 77451DC3 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreateNamedPipeA 77452EF5 5 Bytes JMP 00010000
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreateNamedPipeW 77455C0C 5 Bytes JMP 00010FA5
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreatePipe 77478E6E 5 Bytes JMP 00010076
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!LoadLibraryExW 77479109 5 Bytes JMP 00010040
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!LoadLibraryW 77479362 5 Bytes JMP 00010025
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!LoadLibraryExA 774794B4 5 Bytes JMP 00010F83
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!LoadLibraryA 774794DC 5 Bytes JMP 00010F94
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!VirtualProtectEx 7747DBDA 5 Bytes JMP 00010F66
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!GetProcAddress 7749903B 5 Bytes JMP 00010EFA
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreateFileW 7749AECB 5 Bytes JMP 00010FCA
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!CreateFileA 7749CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[5160] kernel32.dll!WinExec 774E5CF7 5 Bytes JMP 000100AC
.text C:\Windows\system32\wuauclt.exe[5160] msvcrt.dll!_wsystem 77737F2F 5 Bytes JMP 000B0FD4
.text C:\Windows\system32\wuauclt.exe[5160] msvcrt.dll!system 7773804B 5 Bytes JMP 000B005F
.text C:\Windows\system32\wuauclt.exe[5160] msvcrt.dll!_creat 7773BBE1 5 Bytes JMP 000B0033
.text C:\Windows\system32\wuauclt.exe[5160] msvcrt.dll!_open 7773D106 5 Bytes JMP 000B0000
.text C:\Windows\system32\wuauclt.exe[5160] msvcrt.dll!_wcreat 7773D326 5 Bytes JMP 000B0044
.text C:\Windows\system32\wuauclt.exe[5160] msvcrt.dll!_wopen 7773D501 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegCreateKeyExA 76FF39AB 5 Bytes JMP 000C0F97
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegCreateKeyA 76FF3BA9 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegOpenKeyA 76FF89C7 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegCreateKeyW 7700391E 5 Bytes JMP 000C0FA8
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegCreateKeyExW 770041F1 5 Bytes JMP 000C0054
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegOpenKeyExA 77007C42 5 Bytes JMP 000C0014
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegOpenKeyW 7700E2B5 5 Bytes JMP 000C0FDE
.text C:\Windows\system32\wuauclt.exe[5160] ADVAPI32.dll!RegOpenKeyExW 77017BA1 5 Bytes JMP 000C002F

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\fastfat \FatCdrom MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Mup \Device\Mup MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\fastfat \Fat MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\cdfs \Cdfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithList@
Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithList\iTunes.exe
Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithList\iTunes.exe@
Reg HKLM\SOFTWARE\Classes\.m4b\OpenWithList\iTunes.exe
Reg HKLM\SOFTWARE\Classes\.m4b\OpenWithList\iTunes.exe@
Reg HKLM\SOFTWARE\Classes\.m4p\OpenWithList@
Reg HKLM\SOFTWARE\Classes\.m4p\OpenWithList\iTunes.exe
Reg HKLM\SOFTWARE\Classes\.m4p\OpenWithList\iTunes.exe@
Reg HKLM\SOFTWARE\Classes\.m4v\OpenWithList@
Reg HKLM\SOFTWARE\Classes\.m4v\OpenWithList\iTunes.exe
Reg HKLM\SOFTWARE\Classes\.m4v\OpenWithList\iTunes.exe@
Reg HKLM\SOFTWARE\Classes\.mov\OpenWithList\iTunes.exe
Reg HKLM\SOFTWARE\Classes\.mov\OpenWithList\iTunes.exe@
Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithProgIds@QuickTime.mp4
Reg HKLM\SOFTWARE\Classes\iTunes.m4a\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}@ {031EE060-67BC-460d-8847-E4A7C5E45A27}
Reg HKLM\SOFTWARE\Classes\iTunes.m4v\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}@ {031EE060-67BC-460d-8847-E4A7C5E45A27}

---- EOF - GMER 1.0.15 ----


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:20 PM

Posted 27 June 2011 - 11:12 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 pattrick

pattrick
  • Topic Starter

  • Members
  • 30 posts
  • Local time:04:20 PM

Posted 28 June 2011 - 05:37 PM

Thanks for the help. Nothing has changed: can't connect to the internet, programs are very slow to open. McAfee is toast, plain white screen.
Antarctica, huh? Cool.

Logs
OTL logfile created on: 6/28/2011 5:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = H:\Repair
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 68.81% Memory free
8.05 Gb Paging File | 6.37 Gb Available in Paging File | 79.09% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 117.75 Gb Free Space | 52.86% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.66% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 2.91 Gb Free Space | 77.88% Space Free | Partition Type: FAT32

Computer Name: FLUTTERBY-PC | User Name: Flutterby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 20:44:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- H:\Repair\OTL.exe
PRC - [2011/06/22 20:59:03 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/06/22 20:59:03 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/05/13 14:51:57 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/05/02 15:08:30 | 001,191,368 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/12/28 11:26:38 | 000,224,256 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
PRC - [2009/12/04 11:36:44 | 000,299,008 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\XPlay 3\XPlay.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 11:07:58 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/15 12:37:38 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/01 00:20:22 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/11/27 09:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 20:44:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- H:\Repair\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/28 11:26:38 | 000,224,256 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe -- (M4iPodWPDService)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/02/27 11:07:58 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/27 09:54:38 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/15 12:37:38 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/13 06:28:03 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/28 14:02:18 | 000,259,176 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/08/20 23:54:09 | 003,928,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/08/20 23:54:09 | 003,928,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/07 00:46:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/20 21:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




IE - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "jZip Web Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/12 15:50:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 19:53:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 05:23:44 | 000,000,000 | ---D | M]

[2011/05/23 16:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Extensions
[2011/06/03 05:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions
[2010/04/28 20:47:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/03 05:37:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/28 15:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2011/04/03 14:03:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/19 16:11:05 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions\browserhighlighter@ebay.com
[2011/04/14 06:09:10 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\extensions\DeviceDetection@logitech.com
[2011/05/23 16:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/27 15:27:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/06/12 15:50:16 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/05/01 16:42:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/24 05:37:05 | 000,001,949 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/13 17:47:18 | 000,434,233 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14971 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110610073640.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] C:\Program Files\Mediafour\XPlay 3\XPlay.exe (Mediafour Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3201027742-4137580103-2887526332-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Flutterby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Flutterby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/26 15:32:59 | 000,000,057 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/26 07:12:28 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/01/26 07:12:28 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/01/26 06:13:12 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 21:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/19 08:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/14 06:31:12 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/06/05 19:49:28 | 000,000,000 | ---D | C] -- C:\Users\Flutterby\Desktop\Edwin

========== Files - Modified Within 30 Days ==========

[2011/06/28 17:14:18 | 000,037,718 | ---- | M] () -- C:\Users\Flutterby\Desktop\Unhooker
[2011/06/28 17:09:26 | 000,038,061 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/28 17:09:25 | 000,038,061 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/28 17:09:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 17:09:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 17:09:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 17:09:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 17:09:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/23 06:11:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2011/06/23 06:04:30 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/23 06:04:30 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/22 21:00:48 | 000,001,697 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/06/22 20:58:44 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 14:26:57 | 000,000,000 | ---- | M] () -- C:\Users\Flutterby\defogger_reenable
[2011/06/13 17:47:18 | 000,434,233 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/07 06:53:48 | 000,040,490 | ---- | M] () -- C:\Users\Flutterby\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/06/28 17:14:18 | 000,037,718 | ---- | C] () -- C:\Users\Flutterby\Desktop\Unhooker
[2011/06/19 12:29:38 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/15 14:26:57 | 000,000,000 | ---- | C] () -- C:\Users\Flutterby\defogger_reenable
[2011/05/16 19:02:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/16 19:02:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/16 19:01:20 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/13 07:02:38 | 000,116,172 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/23 13:38:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/23 13:38:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/23 13:38:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/23 13:38:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/23 13:38:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/09 19:03:48 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/09/27 16:30:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/27 16:30:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/27 16:30:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/27 16:30:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/27 16:30:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/27 16:30:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/27 16:30:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/27 16:30:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/27 16:30:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/27 16:30:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/27 16:30:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/27 16:30:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/27 16:30:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/27 16:30:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/27 16:30:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/27 16:30:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/27 16:26:18 | 000,000,089 | ---- | C] () -- C:\Windows\EWF520.ini
[2010/05/07 06:31:50 | 000,000,273 | ---- | C] () -- C:\Windows\SysMech.INI
[2010/02/08 07:32:47 | 000,038,061 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/07 19:40:40 | 000,038,061 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/04 16:28:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\vbupdtx.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/16 07:16:25 | 003,450,529 | ---- | C] () -- C:\Windows\System32\FishingDog[fromwww.metacafe.com].wmv
[2009/07/13 07:28:37 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/01/31 18:17:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/01/15 22:14:35 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/07 18:27:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/12 18:25:48 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/11/04 15:33:52 | 000,019,712 | ---- | C] () -- C:\ProgramData\lxdi
[2008/10/30 16:48:58 | 000,040,490 | ---- | C] () -- C:\Users\Flutterby\AppData\Roaming\wklnhst.dat
[2008/09/18 19:58:17 | 000,008,404 | ---- | C] () -- C:\Users\Flutterby\AppData\Local\d3d9caps.dat
[2008/09/18 07:37:19 | 000,000,265 | ---- | C] () -- C:\Windows\winros.ini
[2008/09/17 17:57:21 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini
[2008/09/17 16:02:31 | 000,019,456 | ---- | C] () -- C:\Users\Flutterby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/17 15:35:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/15 15:21:30 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/09/15 15:21:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/15 15:21:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/09/15 15:21:30 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/09/15 15:21:27 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/09/15 15:21:27 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/09/15 15:21:27 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/09/15 15:21:27 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/09/15 12:38:16 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/09/15 12:38:15 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/09/15 12:38:15 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/09/15 07:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/07/17 07:23:36 | 000,174,818 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/05 19:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:43 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

< End of report >

OTL Extras logfile created on: 6/28/2011 5:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = H:\Repair
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 68.81% Memory free
8.05 Gb Paging File | 6.37 Gb Available in Paging File | 79.09% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 117.75 Gb Free Space | 52.86% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.66% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 2.91 Gb Free Space | 77.88% Space Free | Partition Type: FAT32

Computer Name: FLUTTERBY-PC | User Name: Flutterby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22C002AB-59CD-467A-94E3-F862568B2EBB}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |
"{385C3DAA-F617-4F51-ADD4-67B364E0013E}" = lport=139 | protocol=6 | dir=in | app=system |
"{40FD4429-801A-42BC-901E-773FF67E5C6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{45B18F31-A9DB-4C9E-9989-6BB19C1B3669}" = rport=138 | protocol=17 | dir=out | app=system |
"{554E07CE-F9AE-40B7-AA00-9C066F7465EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{5784E962-E3DD-43F0-9062-18307799AC1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5F4B89A4-CDA0-42B7-A774-237DE0171D03}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CB93E2C-BAE9-4858-A17A-84B7D8F42EE9}" = rport=137 | protocol=17 | dir=out | app=system |
"{99552AB5-0FFE-4011-A5ED-FF9C2E5E87A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD632BA4-719F-4E6F-B628-BE5E03BEEE1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{EFCD65BB-C307-4CD2-98CF-738F43E0369D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A840D66-B4F8-4A0E-A715-10679321C528}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1BF38FDB-7414-44AB-82C3-4A5E18F99660}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1D5A6B5D-9049-4322-B46C-EB072CCFF825}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{25833547-E3C9-4B6C-B224-418A88CC21A0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{25E8F01C-EC29-4EFE-BB24-BEA2C7AC2D80}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2D0A02B9-A9C2-4674-AAFD-B5070EB5C3D2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{2E65A5C8-29F5-42F4-B1D6-CFD6828E0211}" = protocol=17 | dir=in | app=c:\users\flutterby\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{32905FB8-54DD-4B9A-AD20-21E565D58167}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{33C8A66F-56E0-4DFE-AE7F-B22FBB00E5AC}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{35EE45BD-3681-4A03-8966-D2FF9BC0D08B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdiih.exe |
"{38561583-2023-45F9-AD5F-4AA3F69278B4}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{3BD0B9AC-2A9F-46BB-937F-E1B71835F0A3}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{3F5334FD-3295-4209-803F-D05576422C6F}" = protocol=17 | dir=in | app=c:\users\flutterby\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{435461A6-F407-4620-BB56-E811E77047B3}" = protocol=17 | dir=in | app=c:\program files\windows jzip toolbar\toolbar\dtuser.exe |
"{44728D92-21A9-40AA-AC14-F0DE623B4315}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4EB60777-923C-496C-A289-749A0E43ACD5}" = protocol=6 | dir=in | app=c:\program files\windows jzip toolbar\toolbar\dtuser.exe |
"{550F35E2-E09D-46CA-947D-11BD36C2A783}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{594F8C01-72CD-42C1-89E6-D0BAF62BC577}" = protocol=6 | dir=in | app=c:\users\flutterby\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{5FF18569-060C-4A8A-A1CB-7B16AB3359BB}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{62723AF8-822A-4FEC-88FF-6399B391A2FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64206611-AB80-4D57-8EFE-B0E61452DD9B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{695A4652-E953-4DB4-A8B3-DBA505688E30}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{76D3D0C8-6052-4676-803A-39D67E62CB1B}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{7A3DBD58-C9CD-4413-A882-B31293F0A2E1}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{7C8ED36C-7699-4A17-90F6-5F98D5E73F95}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{88F1969E-A682-4311-BDC8-6964DA94EAB5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{89E4FAB6-BE41-4047-B51E-04CA87BD9150}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{8AA375ED-5B2E-4B94-90F4-AC22191DB414}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FBCA37F-1396-4A04-ACD5-7B8CC8701C3B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{9185352E-AB5A-44DA-80AB-9BA432E87D24}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{921E6A85-5BF9-4843-A314-214B968A7D96}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{98A9A439-9625-488B-9D51-588F9B8445A6}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{9A6155B5-C0E3-4E7E-9BFD-D31DC107BD16}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{9DB407E3-2BE8-41B2-B9EC-DE2A69935320}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9FEAEB09-7561-49D3-9893-16EE42D88BE2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A3159856-47A1-4390-90E6-7AC27B0E9B00}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A4688992-2967-426E-B661-ACDBBF13B34A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A57666C2-0608-4889-91C9-45FEF3E98227}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA12006E-ECFB-41CF-8E5D-A33C827247F7}" = protocol=6 | dir=in | app=c:\users\flutterby\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{AAB48458-4320-41AC-A883-59D8A10C1C37}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{B2B4683D-5686-4FBE-A090-032AD8B7BFC9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{B34BA605-D356-4840-AA6A-6E260835A3BA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BA54F9A5-251B-453A-97E7-2B338912AB68}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{C297BA2C-A343-4165-B67D-FD76DF4F122D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{C5815573-1AA2-41F0-B94B-82C8F080216F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8C561EA-CA29-435F-B520-94F1C6F7ACF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAA51A3B-A76F-4DA6-9F0A-2AFA1558BEEE}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{CB52C436-6229-4481-8D0F-E6CA4DB6DE9D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{CF25F40B-B020-4D48-A7CA-FC60DD0B7A10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA7A0EAE-3B02-4F65-9D6E-E43342916ACD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E0837374-76BC-47BA-909B-3DBB28347383}" = protocol=6 | dir=in | app=c:\windows\system32\lxdiih.exe |
"{E9007229-16FE-496A-B3CC-AA728284E7A2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{EB5F700B-A475-4038-978B-DE7B543BE2D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3518A97-AC7D-4A80-B269-334A1F61E936}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{F6BFEBD9-AAB5-4C63-BFA5-E5EB0F390404}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F751592A-E630-4857-82DB-AC68954FDFCE}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{FCF457A2-89BF-43EA-98DD-58869FA182D0}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"TCP Query User{61CFE777-C9F2-4D44-B509-C31938C8B9D5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8D8DDF53-65BC-4148-86BB-15A7FCDACA25}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B3ED9FEB-EF2A-4241-99BC-510FC642EA53}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{BABB501B-7618-47D8-86B0-A36060D724BF}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{BF0A9C2E-0DDA-4306-915C-684EF6533A0E}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{5B78E879-557F-4C36-9F15-824B01B55374}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"UDP Query User{8DA2D86F-85E8-4D34-825E-276F9D750DB0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B61A17EB-2FE5-4016-8583-A318F22C8746}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CE788C2E-DC1A-4A31-AD96-4909F16DA4AC}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{F27802E3-879B-4B56-BBD3-44AF4243B842}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0671B030-FE74-1133-44FA-C5515BD6DF39}" = Catalyst Control Center Graphics Light
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{105D3B41-2F2F-335A-C309-C859A0F4CBE8}" = FX AccuCharts
"{14D9C768-AE57-9A67-4D80-0C434DF6B86B}" = Skins
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1FC180AA-4167-43D0-8635-4CF98A0CE4EA}" = XPlay 3
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client
"{44A805BD-BF66-EABD-6950-CB2118470A96}" = Catalyst Control Center Graphics Previews Vista
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}" = Garmin City Navigator North America NT v8
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CA3501B-7297-48C1-B192-08A2275D327A}" = Global Trading System Pro
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{634706E1-2285-AE23-F664-3236072075F2}" = Catalyst Control Center Core Implementation
"{64ADEF4B-AE1B-FB8A-00A6-1ACB76B1F36E}" = ccc-utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81E04A8B-C804-4886-FA79-0AD2BE946A06}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974530D2-AE96-4C99-B549-99CADA653CE5}" = Garmin MapSource
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A89CD51B-B576-6635-4A8E-94D2CC9BB798}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF74287C-2315-1723-38F3-5E1C90433B9B}" = Catalyst Control Center Graphics Full New
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD945131-80BB-911D-1F77-3C6EB33CC5D8}" = CCC Help English
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED2E6160-4AE1-8A97-1A5B-3E51E241B608}" = Catalyst Control Center Graphics Full Existing
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVI Movie Player" = AVI Movie Player
"BB29F88B-A742-4E2C-B0F3-FFEC11E1BA06" = InfinityAT
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
"FLV Player" = FLV Player 2.0 (build 25)
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSC" = McAfee Total Protection
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.8c
"sp6" = Logitech SetPoint 6.20
"TeamViewer 4" = TeamViewer 4
"thinkorswim" = thinkorswim
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3201027742-4137580103-2887526332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Audio/Video Conference" = Audio/Video Conference 4.2+
"GoToMeeting" = GoToMeeting 5.0.0.666

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2011 1:32:45 PM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/19/2011 1:32:45 PM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/19/2011 2:30:27 PM | Computer Name = Flutterby-PC | Source = Perflib | ID = 1010
Description =

Error - 6/22/2011 7:12:13 AM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/22/2011 7:12:13 AM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/22/2011 9:54:30 PM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/22/2011 9:54:30 PM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/22/2011 10:00:52 PM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/22/2011 10:00:52 PM | Computer Name = Flutterby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 6:16:41 PM | Computer Name = Flutterby-PC | Source = Application Hang | ID = 1002
Description = The program mcagent.exe version 11.0.554.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 548 Start Time: 01cc31492312f960 Termination Time: 63

[ System Events ]
Error - 6/22/2011 9:54:19 PM | Computer Name = Flutterby-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/22/2011 9:57:23 PM | Computer Name = Flutterby-PC | Source = DCOM | ID = 10010
Description =

Error - 6/22/2011 10:00:43 PM | Computer Name = Flutterby-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/22/2011 10:00:43 PM | Computer Name = Flutterby-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/22/2011 10:03:41 PM | Computer Name = Flutterby-PC | Source = DCOM | ID = 10010
Description =

Error - 6/23/2011 7:02:06 AM | Computer Name = Flutterby-PC | Source = DCOM | ID = 10010
Description =

Error - 6/23/2011 7:16:13 AM | Computer Name = Flutterby-PC | Source = BROWSER | ID = 8032
Description =

Error - 6/28/2011 6:10:59 PM | Computer Name = Flutterby-PC | Source = DCOM | ID = 10010
Description =

Error - 6/28/2011 6:11:29 PM | Computer Name = Flutterby-PC | Source = DCOM | ID = 10010
Description =

Error - 6/28/2011 6:18:47 PM | Computer Name = Flutterby-PC | Source = DCOM | ID = 10010
Description =


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:20 PM

Posted 28 June 2011 - 06:34 PM

Hi!

Thanks for the help, nothing had changed, can't connect to internet, programs are very slow to open. McAfee is toast, plain white screen.

That's interesting. I believe I have another user who's experiencing the same issue with McAfee right now as well.

Were you able to run Rootkit UnHooker? If so, could you post the log for me to review?

When did you start experiencing issues with the Internet?

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    
    :Reg
    
    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    netsh winsock reset catalog /c
    netsh winsock reset all /c
    netsh int ip reset all /c
    type "C:\ComboFix.txt" /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Are you still experiencing issues with connecting to the internet?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
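The :Files section of the fix above runs ipconfig /release, /renew and /flushdns plus the netsh resets, and the report OTL produces contains the raw ipconfig output for every adapter. As an added example (not part of SweetTech's post and not OTL's own code), the Python script below parses output in that ipconfig format and reports, per adapter, whether it came back with an IPv4 address and a default gateway, is sitting on a 169.254.x.x autoconfiguration address (no DHCP lease), or is simply media-disconnected. The adapter names and addresses in the embedded samples are constructed to follow the ipconfig layout; they are not taken from the user's machine.

```python
"""Check `ipconfig` output for adapters that did not come back with usable IPv4 settings.

Added example for this thread; the two samples below are constructed to match the
ipconfig output format, not copied from any real machine.
"""
import re

# Adapter headers look like "Wireless LAN adapter Wireless Network Connection:"
ADAPTER_RE = re.compile(r"^(?P<kind>.+?) adapter (?P<name>.+):$")

# Constructed sample: state right after `ipconfig /release` (no lease, one APIPA adapter)
SAMPLE_BEFORE = """
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9cb:dfbd:6eb8:7d50%12
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IPv4 Address. . : 169.254.23.7
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
"""

# Constructed sample: state after a successful `ipconfig /renew`
SAMPLE_AFTER = """
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::9cb:dfbd:6eb8:7d50%12
   IPv4 Address. . . . . . . . . . . : 192.168.1.9
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
"""


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from ipconfig output."""
    adapters = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group("name")
            adapters[current] = {"kind": m.group("kind")}
            continue
        if current is None or ":" not in line:
            continue  # e.g. the "Windows IP Configuration" banner
        key, _, value = line.partition(":")
        # keys are padded with " . . . ." up to the colon; strip that decoration
        adapters[current][key.strip(" .")] = value.strip()
    return adapters


def connectivity_report(text):
    """Classify each adapter: ok / no ipv4 / no gateway / apipa / disconnected."""
    report = {}
    for name, fields in parse_ipconfig(text).items():
        if fields.get("Media State", "").startswith("Media disconnected"):
            report[name] = "disconnected"
        elif fields.get("Autoconfiguration IPv4 Address"):
            # 169.254.x.x means DHCP never answered; the link is up but unusable
            report[name] = "apipa (no DHCP lease)"
        elif not fields.get("IPv4 Address"):
            report[name] = "no ipv4"
        elif not fields.get("Default Gateway"):
            report[name] = "no gateway"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for label, sample in (("before renew", SAMPLE_BEFORE), ("after renew", SAMPLE_AFTER)):
        print(label)
        for name, status in connectivity_report(sample).items():
            print(f"  {name}: {status}")
```

Feed it the ipconfig section of an OTL or `ipconfig /all` log; an adapter reported as "ok" rules out address assignment as the cause, which narrows "can't connect" down to name resolution, the Winsock/LSP chain (what the netsh winsock reset targets) or a proxy setting.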


#5 pattrick

pattrick
  • Topic Starter

  • Members
  • 30 posts

Posted 28 June 2011 - 09:15 PM

Ok, sorry I forgot to post that log, yes I have it. Turned off TeaTimer
I need help on the custom scan. I'm on another computer. Having to transfer programs to sick machine
I tried selecting the fix text from the post in Mozilla and pasting it to a folder. Can't do that
How do I get this over to the other machine?

On the Q of when did this start, I noticed that Mozilla was unstable, blinking etc. I shut it down
Ran rkill, defog, then scans, found the 2 trojans listed above. Did Safe mode scans with Super ASW, Mbam, Spybot
and got zip.




RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x8F200000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10465280 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 267.24 )
0x81E0F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81E0F000 PnpManager 3907584 bytes
0x81E0F000 RAW 3907584 bytes
0x81E0F000 WMIxWDM 3907584 bytes
0x98EF0000 Win32k 2113536 bytes
0x98EF0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90402000 C:\Windows\system32\drivers\RTKVHDA.sys 2027520 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8AC09000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82CF2000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x90002000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1056768 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x82E40000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D7000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA5007000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x90F15000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8FC04000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8FD08000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9020C000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8060B000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82C81000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x82C0A000 C:\Windows\system32\drivers\mfehidk.sys 450560 bytes (McAfee, Inc., McAfee Link Driver)
0x9F40F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9097D000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x90E2E000 C:\Windows\system32\drivers\mfefirek.sys 331776 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x9F580000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x80730000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9083B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8AD75000 C:\Windows\System32\Drivers\MDFSYSNT.sys 290816 bytes (Mediafour Corporation, MacDrive file system driver)
0x80694000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80496000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FD95000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x9015C000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8FCBB000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x908F1000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82E05000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9F507000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AD19000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x902FE000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x821C9000 ACPI_HAL 208896 bytes
0x821C9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807CC000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90809000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9012D000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90344000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x805C7000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x902BD000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x90E04000 C:\Windows\system32\drivers\mfeavfk.sys 172032 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x90FD5000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9F5CF000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x9F558000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8ADBC000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EB000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9092D000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
0x90371000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x901CA000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x908C9000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x82F45000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9F4C7000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x903C0000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9F4E8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AE000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9F47C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0xA5171000 C:\Windows\system32\drivers\mfeapfk.sys 114688 bytes (McAfee, Inc., Access Protection Filter Driver)
0x82F2A000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90EFA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9F499000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9010F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9F540000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x909D8000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x901A8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA515B000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x90883000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82FAF000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9F4B2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FDEA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA519E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA51B3000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8FDD6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x82FC5000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x82FD9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x908B6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA51C8000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8ADE3000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90333000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805B7000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90EB8000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x90FC5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80796000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x90295000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x82F92000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x90899000 C:\Windows\system32\DRIVERS\mfenlfk.sys 61440 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x90EEB000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AD66000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80712000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x90953000 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 61440 bytes (Trusteer Ltd., RapportEI)
0x901ED000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FCF9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80721000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x99130000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x908A8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x82FA1000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80781000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA514E000 C:\Windows\system32\drivers\cfwids.sys 53248 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x90E7F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0xA518D000 C:\Windows\system32\drivers\mfebopk.sys 53248 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x90962000 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys 53248 bytes (Trusteer Ltd., RapportCerberus)
0x902F1000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80687000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8AD5A000 C:\Windows\System32\Drivers\RapportKELL.sys 49152 bytes (Trusteer Ltd., RapportKE)
0x82FEC000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Windows ® Codename Longhorn DDK provider, NDIS User mode I/O Driver)
0xA50EF000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x903B4000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FCA4000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90E8C000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x90104000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x902A5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x902B0000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x903F1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x901BF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9019D000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x82F7E000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FCB0000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x90E9F000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x902E7000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x909EF000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9096F000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA50E5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xA51DA000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8ADF4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x905F1000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90EAF000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x90EE2000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82C78000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x90200000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x99110000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x82F89000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DA000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807A6000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90E97000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x90ECA000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x90EDA000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x90ED2000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E3000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x903E1000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x903E9000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AD52000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9039D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x903AD000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8077A000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80406000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90396000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8078F000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x90127000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90EA9000 C:\Windows\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0x908EB000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x90979000 C:\Windows\system32\drivers\elrawdsk.sys 16384 bytes (EldoS Corporation, RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.)
0x8FBFB000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 267.24 )
0x902BB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90EC8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
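The Rootkit UnHooker listing above is long, and the point of asking for it is to spot the few entries that deserve a second look. As an added example (not part of pattrick's post and not RkU's own code), the Python script below parses driver lines in the RkU format and flags two things a reviewer checks first: file-backed drivers RkU could not attribute to a vendor, and drivers loaded from outside C:\Windows (Program Files, ProgramData, user profiles, Temp). The embedded sample mixes a few lines copied from the listing above with one constructed entry, C:\Users\example\AppData\Local\Temp\unknown.sys, which is hypothetical. Treating dump_* crash-dump driver copies as expectedly unattributed, and the "inside C:\Windows" rule, are this example's own assumptions rather than RkU behaviour.

```python
"""Triage a Rootkit Unhooker (RkU) driver listing: flag modules worth a closer look.

Added example for this thread; the sample below mixes lines from the posted RkU log
with one constructed (hypothetical) Temp-directory driver.
"""
import re

# One RkU driver line: "<base> <module> <size> bytes (<vendor, description>)".
# The parenthesised part is absent for modules RkU could not attribute.
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?$")

# Assumption: crash-dump driver copies (dump_*.sys) are written by the kernel and
# routinely show up without vendor information in these listings, so don't flag them.
EXPECTED_UNATTRIBUTED = ("dump_",)

SAMPLE_RKU_LOG = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x8F200000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10465280 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 267.24 )
0x81E0F000 PnpManager 3907584 bytes
0x9092D000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
0x90E8C000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0xA51DA000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xA5200000 C:\Users\example\AppData\Local\Temp\unknown.sys 16384 bytes
==============================================
"""


def parse_rku_drivers(text):
    """Return a list of dicts, one per driver line; headers and rules are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        base, module, size, info = m.groups()
        drivers.append({
            "base": int(base, 16),
            "module": module,
            "size": int(size),
            "info": info,                     # None when RkU printed no vendor/description
            "is_file": "\\" in module,        # pseudo-modules like PnpManager carry no path
        })
    return drivers


def triage(text, windows_dir="C:\\Windows\\"):
    """Return [(module path, [reasons])] for file-backed drivers that merit review."""
    findings = []
    for d in parse_rku_drivers(text):
        if not d["is_file"]:
            continue
        name = d["module"].rsplit("\\", 1)[-1].lower()
        reasons = []
        if d["info"] is None and not name.startswith(EXPECTED_UNATTRIBUTED):
            reasons.append("no vendor/description")
        if not d["module"].lower().startswith(windows_dir.lower()):
            reasons.append("loaded from outside the Windows directory")
        if reasons:
            findings.append((d["module"], reasons))
    return findings


if __name__ == "__main__":
    for module, reasons in triage(SAMPLE_RKU_LOG):
        print(f"{module}: {'; '.join(reasons)}")
```

A flag is a prompt to verify, not a verdict: on this machine the Trusteer Rapport and SUPERAntiSpyware drivers load from Program Files because those products are installed, and RkU's own BlackBox.SYS is expected while the tool runs. What the script leaves behind is the short list to check against the installed-programs list and the file's signature on disk.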

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 29 June 2011 - 09:28 AM

HI!

I need help on the custom scan. I'm on another computer. Having to transfer programs to sick machine
I tried selecting the fix text from the post in Mozilla and pasting it to a folder. Can't do that
How do I get this over to the other machine?

Okay. That text needs to be saved to a file.

I'll attach the fix, and you can copy it to your sick computer and open it from there and run it.[attachment=101167:Fix.txt]

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 pattrick

pattrick
  • Topic Starter

  • Members
  • 30 posts

Posted 29 June 2011 - 05:33 PM

ok got it, ran it, and rebooted as directed.
It still won't connect to the net and programs are still extremely slow to open
thanks
Pattrick

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9cb:dfbd:6eb8:7d50%12
Default Gateway . . . . . . . . . :
Ethernet adapter peckerwood:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9c7:cf53:5214:f9d9%11
Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::9cb:dfbd:6eb8:7d50%12
IPv4 Address. . . . . . . . . . . : 192.168.1.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter peckerwood:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::9c7:cf53:5214:f9d9%11
IPv4 Address. . . . . . . . . . . : 192.168.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Echo Request, failed.
Access is denied.
Reseting Interface, OK!
A reboot is required to complete this action.
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
< type "C:\ComboFix.txt" /c >
ComboFix 11-01-22.03 - Flutterby 01/23/2011 12:40:11.1.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3325.1998 [GMT -6:00]
Running from: c:\users\Flutterby\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\users\Flutterby\g2mdlhlpx.exe
c:\users\Flutterby\GoToAssistDownloadHelper.exe
c:\windows\system32\ICON.ico
.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.
2011-01-23 18:48 . 2011-01-23 18:48 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-01-23 18:48 . 2011-01-23 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-22 17:05 . 2011-01-23 17:27 -------- d-----w- C:\Rustbfix
2011-01-21 20:52 . 2011-01-21 20:52 -------- d-----w- c:\programdata\Carbonite
2011-01-21 20:52 . 2011-01-21 20:52 -------- d-----w- c:\program files\Carbonite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 22:19 . 2010-12-15 22:19 53248 ----a-r- c:\users\Flutterby\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-15 22:19 . 2010-12-15 22:19 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-12-02 21:21 . 2009-07-30 18:58 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-12-02 21:20 . 2009-07-13 12:32 11776 ----a-w- c:\windows\system32\smrgdf.exe
2010-12-02 21:20 . 2009-07-13 12:32 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-12-02 21:18 . 2009-07-13 12:32 2234040 ----a-w- c:\windows\system32\Incinerator.dll
2007-11-09 21:10 . 2007-11-09 21:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 . 2007-11-09 21:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 . 2007-11-09 21:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 . 2007-11-09 21:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 . 2007-11-09 21:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 . 2007-11-09 21:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 . 2007-11-09 21:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 . 2007-11-09 21:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 . 2007-11-09 21:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2001-12-03 23:09 . 2008-12-16 23:28 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
2010-07-17 23:50 . 2009-11-28 22:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 04:28 . 2010-05-12 10:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-01-13 05:40 750736 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-01-13 05:40 750736 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-01-13 05:40 750736 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-01 4706304]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-17 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe" [2009-12-04 299008]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2010-12-02 434360]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-01-17 492840]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-01-13 931472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 01:24]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 01:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: isqft.com\www
FF - ProfilePath - c:\users\Flutterby\AppData\Roaming\Mozilla\Firefox\Profiles\6x23ridh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - %profile%\extensions\browserhighlighter@ebay.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
Notify-GoToAssist - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 12:57
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,fd,85,7f,d0,e4,5e,45,aa,cc,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,fd,85,7f,d0,e4,5e,45,aa,cc,7c,\
.
Completion time: 2011-01-23 13:01:46
ComboFix-quarantined-files.txt 2011-01-23 19:01
Pre-Run: 132,437,069,824 bytes free
Post-Run: 131,565,924,352 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 575E01C0B5E9EBED726F3E1A537B2C2B
C:\Users\Flutterby\Desktop\cmd.bat deleted successfully.
C:\Users\Flutterby\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Flutterby
->Temp folder emptied: 421874 bytes
->Temporary Internet Files folder emptied: 556005 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7944705 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 264192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Flutterby
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06292011_163315

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\fb_2696.lck not found!
File\Folder C:\Windows\temp\mcafee_dsNHHleGLShOOBt not found!

Registry entries deleted on Reboot...

#8 SweetTech (Agent ST, Members, 13,421 posts)

Posted 30 June 2011 - 09:55 AM

Let's try these fixes and see if we can get you connected back to the internet:

Make sure the following setting is set as it is supposed to be set:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    Under General tab:
    • Select "Obtain an IP address automatically".
    • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.


NEXT:



Still unable to connect to the internet?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 pattrick (Topic Starter, Members, 30 posts)

Posted 30 June 2011 - 05:19 PM

OK, I'm running Vista Business. Went to Network and Sharing Center - Manage network connections,
found the LAN connection, right click - Properties - all I see is a Networking tab? It notes the controller.
I can't find anything else there. Help?
Thanks

#10 SweetTech (Agent ST, Members, 13,421 posts)

Posted 30 June 2011 - 08:53 PM

See this link here: http://windows.microsoft.com/en-US/windows-vista/Change-TCP-IP-settings and see if that gets you connected back to the internet.



#11 pattrick (Topic Starter, Members, 30 posts)

Posted 01 July 2011 - 06:26 AM

OK, got it, both the v6 and v4 have the auto boxes checked. ...
Tried IE and Mozilla, wireless and hard wired. Won't connect.
When solutions checked, error message: "Cannot find www.google.com using DNS"
So is it fixable, or do I just wipe it and start over?
Thanks

#12 SweetTech (Agent ST, Members, 13,421 posts)

Posted 01 July 2011 - 09:49 AM

Let's try to change the DNS settings.

Please visit this link here again: http://windows.microsoft.com/en-US/windows-vista/Change-TCP-IP-settings

and set the DNS settings as follows:

Click on Use the following DNS server addresses:
Preferred DNS server: 8.8.8.8
Alternate DNS server: 8.8.4.4

Click OK.



NEXT:



Flush DNS
  • Now go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


Reboot your computer and see if you're able to connect to the internet after doing the above.


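Posts #8 and #12 walk through the same two settings in the Vista GUI: whether the adapter obtains its address and its DNS servers automatically, and how to pin the resolvers to 8.8.8.8 / 8.8.4.4 and flush the cache afterwards. The PowerShell below is an added example, not part of the thread and not from any of the tools used in it. It performs the audit through WMI and the Tcpip registry keys, which exist on Vista, and can apply either change from the command line. Assumptions: PowerShell 2.0 or later, an elevated prompt for the two write modes, and the resolvers from post #12 as the default static list; the script name and parameter names are mine.

```powershell
# Added example, not from the thread. Audits the TCP/IP settings posts #8
# and #12 ask about, per adapter, and can apply either change. Uses WMI and
# the registry so it runs on Vista. Assumes PowerShell 2.0 or later and,
# for -Mode Dhcp / -Mode StaticDns, an elevated prompt.
param(
    [ValidateSet("Audit", "Dhcp", "StaticDns")]
    [string]$Mode = "Audit",
    # Assumption: the resolvers given in post #12; used only by -Mode StaticDns.
    [string[]]$DnsServers = @("8.8.8.8", "8.8.4.4")
)

# Only adapters with TCP/IP bound; the "Media disconnected" tunnel adapters
# seen in the ipconfig output are skipped this way.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True"

foreach ($nic in $adapters) {
    # Tcpip\Parameters\Interfaces\{SettingID} holds NameServer (typed in by hand,
    # i.e. "Obtain DNS server address automatically" is OFF) and DhcpNameServer
    # (what the router offered). Comparing the two is the check behind post #8.
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$($nic.SettingID)"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    Write-Host ("=== {0} ===" -f $nic.Description)
    Write-Host ("  IP address (DHCP={0}) : {1}" -f $nic.DHCPEnabled, ($nic.IPAddress -join ", "))
    Write-Host ("  Default gateway       : {0}" -f ($nic.DefaultIPGateway -join ", "))
    Write-Host ("  DNS in use            : {0}" -f ($nic.DNSServerSearchOrder -join ", "))
    Write-Host ("  DNS offered by DHCP   : {0}" -f $props.DhcpNameServer)
    if ($props.NameServer) {
        Write-Host ("  DNS set manually      : {0}  <- 'obtain automatically' is OFF" -f $props.NameServer)
    } else {
        Write-Host  "  DNS set manually      : (none)  'obtain automatically' is ON"
    }

    switch ($Mode) {
        "Dhcp" {
            # Post #8: obtain both the address and the DNS servers automatically.
            $r1 = $nic.EnableDHCP()
            $r2 = $nic.SetDNSServerSearchOrder()   # no list = clear the manual servers
            Write-Host ("  EnableDHCP -> {0}, SetDNSServerSearchOrder -> {1}" -f $r1.ReturnValue, $r2.ReturnValue)
        }
        "StaticDns" {
            # Post #12: keep the DHCP address, pin the IPv4 resolvers.
            $r = $nic.SetDNSServerSearchOrder($DnsServers)
            Write-Host ("  SetDNSServerSearchOrder -> {0}" -f $r.ReturnValue)
        }
    }
}

if ($Mode -ne "Audit") {
    # WMI return codes: 0 = applied, 1 = applied but a reboot is required.
    ipconfig /flushdns | Out-Null
    Write-Host "DNS resolver cache flushed. Reboot if any call above returned 1."
}
```

Run it with no arguments to audit, with `-Mode Dhcp` to put every adapter back to "obtain automatically" (post #8), or with `-Mode StaticDns` to pin the IPv4 resolvers (post #12). A NameServer value on an adapter you believe is on DHCP is exactly the box in post #8 being unchecked, and is worth comparing with the DhcpNameServer line before you clear it. The script touches IPv4 only: the IPv6 dialog rejects 8.8.8.8 because that box takes IPv6 addresses (Google's are 2001:4860:4860::8888 and 2001:4860:4860::8844), so leaving the IPv6 box on automatic is the right call.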

#13 pattrick (Topic Starter, Members, 30 posts)

Posted 01 July 2011 - 05:45 PM

OK, got the v4 to change to the above listed; the v6 would not let me, there were no periods and sections in the box like the v4,
and when I inputted 8.8.8.8 it said invalid address.
Flushed DNS, rebooted. Still won't connect. The connection shows to be there, although sometimes it goes to "local only"?
Then shows to be connected again.

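The error quoted in post #11 and the result in post #13, where the IPv4 resolvers are already 8.8.8.8 / 8.8.4.4 and lookups still fail, leave two explanations to separate: the machine cannot reach any resolver on UDP/53 at all, or the network is fine and the Windows side (DNS Client service, hosts file, Winsock) is what is broken. The PowerShell below is an added example, not from the thread and not from any tool used in it. It hand-builds a DNS A query, sends it directly to each candidate resolver with a short timeout, parses the reply, and then performs the same lookup through the system resolver for comparison. Assumptions: PowerShell 2.0 or later; the default server list uses the gateway from the ipconfig output above (192.168.1.1) and the two resolvers from post #12; the name defaults to www.google.com; all function names are mine.

```powershell
# Added example, not from the thread. Sends a raw DNS A query for $Name
# straight to each candidate resolver on UDP/53, bypassing the Windows DNS
# Client, then repeats the lookup through the system resolver. Assumes
# PowerShell 2.0 or later. Default servers: the gateway from the ipconfig
# output in this thread (192.168.1.1) and the resolvers from post #12.
param(
    [string]$Name = "www.google.com",
    [string[]]$Servers = @("192.168.1.1", "8.8.8.8", "8.8.4.4"),
    [int]$TimeoutMs = 2000
)

function New-DnsQuery([string]$qname, [int]$id) {
    $bytes = New-Object System.Collections.Generic.List[byte]
    # Header: ID, flags 0x0100 (recursion desired), QDCOUNT=1, AN/NS/AR=0.
    foreach ($v in @($id, 0x0100, 1, 0, 0, 0)) {
        $bytes.Add([byte](($v -band 0xFF00) / 256)); $bytes.Add([byte]($v -band 0xFF))
    }
    foreach ($label in $qname.TrimEnd('.').Split('.')) {
        $bytes.Add([byte]($label.Length))
        $bytes.AddRange([System.Text.Encoding]::ASCII.GetBytes($label))
    }
    $bytes.Add(0)                              # end of QNAME
    $bytes.AddRange([byte[]](0, 1, 0, 1))      # QTYPE=A, QCLASS=IN
    return $bytes.ToArray()
}

function Read-U16([byte[]]$b, [int]$pos) { return ($b[$pos] * 256) + $b[$pos + 1] }

# Step over a domain name at $pos (labels, or a 2-byte compression pointer)
# and return the offset just after it.
function Skip-Name([byte[]]$b, [int]$pos) {
    while ($true) {
        $len = $b[$pos]
        if ($len -eq 0) { return $pos + 1 }
        if (($len -band 0xC0) -eq 0xC0) { return $pos + 2 }
        $pos += 1 + $len
    }
}

function Parse-DnsAnswer([byte[]]$b) {
    $id    = Read-U16 $b 0
    $rcode = $b[3] -band 0x0F
    $qd    = Read-U16 $b 4
    $an    = Read-U16 $b 6
    $pos   = 12
    for ($i = 0; $i -lt $qd; $i++) { $pos = (Skip-Name $b $pos) + 4 }   # + QTYPE, QCLASS
    $addrs = @()
    for ($i = 0; $i -lt $an; $i++) {
        $pos   = Skip-Name $b $pos
        $type  = Read-U16 $b $pos                # TYPE(2) CLASS(2) TTL(4) RDLENGTH(2)
        $rdlen = Read-U16 $b ($pos + 8)
        $pos  += 10
        if ($type -eq 1 -and $rdlen -eq 4) {
            $addrs += ("{0}.{1}.{2}.{3}" -f $b[$pos], $b[$pos + 1], $b[$pos + 2], $b[$pos + 3])
        }
        $pos += $rdlen
    }
    return New-Object PSObject -Property @{ Id = $id; Rcode = $rcode; Addresses = $addrs }
}

function Test-Resolver([string]$server, [string]$qname, [int]$timeoutMs) {
    $id  = Get-Random -Minimum 1 -Maximum 65535
    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $timeoutMs
    try {
        # Parse the literal ourselves so no DNS lookup is needed to reach a DNS server.
        $udp.Connect([System.Net.IPAddress]::Parse($server), 53)
        $q = [byte[]](New-DnsQuery $qname $id)
        [void]$udp.Send($q, $q.Length)
        $from = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Any, 0)
        $ans  = Parse-DnsAnswer ($udp.Receive([ref]$from))
        # A stub resolver drops replies whose ID does not match its query; do the same.
        if ($ans.Id -ne $id)     { return "reply with the wrong transaction ID (stale or spoofed), ignored" }
        if ($ans.Rcode -ne 0)    { return "resolver answered RCODE $($ans.Rcode) (2=SERVFAIL 3=NXDOMAIN 5=REFUSED)" }
        if (-not $ans.Addresses) { return "resolver answered but with no A records" }
        return "OK -> " + ($ans.Addresses -join ", ")
    } catch [System.Net.Sockets.SocketException] {
        # Timeout: nothing on the path answered UDP/53 (server down or port blocked).
        return "no reply within $timeoutMs ms ($($_.Exception.Message))"
    } catch {
        return "unparseable reply ($($_.Exception.Message))"
    } finally {
        $udp.Close()
    }
}

Write-Host ("Direct queries for '{0}', bypassing the Windows DNS Client:" -f $Name)
foreach ($s in $Servers) {
    Write-Host ("  {0,-15} {1}" -f $s, (Test-Resolver $s $Name $TimeoutMs))
}

# The path a browser takes: hosts file, then the DNS Client service, via Winsock.
# Failing here while the direct queries succeed puts the fault on this machine.
try {
    $sys = [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.ToString() }
    Write-Host ("  {0,-15} OK -> {1}" -f "system", ($sys -join ", "))
} catch {
    Write-Host ("  {0,-15} FAILED: {1}" -f "system", $_.Exception.Message)
}
```

Reading the output: if the direct queries return addresses and the `system` line fails, the fault is local to the machine; the OTL run earlier in the thread already reset the hosts file and the Winsock catalog, so the DNS Client service and any firewall rule on the host are the next things to check. If every direct query times out while the gateway itself is reachable, something between the host and port 53 is dropping the traffic, on the host or on the router. A reply carrying the wrong transaction ID is reported and discarded rather than trusted, which is the same check a real stub resolver performs.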
#14 SweetTech (Agent ST, Members, 13,421 posts)

Posted 01 July 2011 - 07:55 PM

We need to get the internet connection issue fixed, as it's going to make things much more difficult if we work with no internet connection on this computer.

I'd like to have you post in our Networking forum, including a link to this thread, and mention that you're not able to connect to the internet.

After the techs help you get the internet connection issue fixed we can come back here and focus on the slowness issue.



#15 pattrick (Topic Starter, Members, 30 posts)

Posted 02 July 2011 - 11:06 AM

OK, great.



