Tech Support Guy > Virus & Other Malware Removal

RUNDLL problems, Error loading stuff (Please help)


SklStrs2 (Member with 4 posts, thread starter)
Join Date: Nov 2012
27-Nov-2012, 08:42 AM #1
I'm kinda new here in this forum, and I would really appreciate it if someone could help me...
I've googled the problem and found no results. So, here it is...

The problem:
Every startup, I receive a Rundll error message every time I open up the computer.
It says:

RUNDLL

(X) Error loading msiqnv32.dll
The specified module could not be found.

I've tried searching for a solution... I just really want the exact solution, because I'm afraid to screw the PC up.
This might be of help to you to identify the problem:

(HijackThis log)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:49 PM, on 11/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.smartbro.net:8080
F3 - REG:win.ini: load=C:\Documents and Settings\John Abarro\aaac_1.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: Windows XP:
O1 - Hosts: Windows Vista:
O1 - Hosts: ::1 localhost
O1 - Hosts: Windows 7:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [M0UxOTBDNkYzMUMzNzkxMD] C:\Documents and Settings\John Abarro\wuaucinfoc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\John Abarro\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [USB Threat Defender] C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe /b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSIDLL] rundll32.exe msiqnv32.dll,eUhWLLiKt
O4 - HKCU\..\Run: [MSSMARTMON1] "C:\Documents and Settings\John Abarro\Application Data\5.exe"
O4 - HKCU\..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
O4 - HKCU\..\Run: [Fqtstx] C:\Documents and Settings\John Abarro\Application Data\Microsoft\Fqtstx.exe
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9134 bytes

It would be better if you could suggest a solution that is not in need of reformatting...

Thanks for the Help!
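An added example, not part of the original post or of HijackThis/DDS: a small Python triage script that applies the checks a malware-removal helper makes by eye to the log lines above. It flags a Run value that makes rundll32 load a DLL by bare name (the cause of the "Error loading msiqnv32.dll" dialog once the file is gone), autostart targets sitting in the profile root, directly under Application Data or in RECYCLER, a Winlogon Shell that is not explorer.exe alone, and a non-empty win.ini load=. The sample lines are copied from the logs posted above (with two benign entries as controls); the heuristics, patterns and function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis and DDS logs posted in
# this thread, plus two benign entries (NvCplDaemon, GrooveMonitor) as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MSIDLL] rundll32.exe msiqnv32.dll,eUhWLLiKt
O4 - HKCU\..\Run: [MSSMARTMON1] "C:\Documents and Settings\John Abarro\Application Data\5.exe"
O4 - HKCU\..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
O4 - HKLM\..\Run: [M0UxOTBDNkYzMUMzNzkxMD] C:\Documents and Settings\John Abarro\wuaucinfoc.exe
F3 - REG:win.ini: load=C:\Documents and Settings\John Abarro\aaac_1.exe
F2 - REG:system.ini: UserInit=userinit.exe,
uWinlogon: Shell = c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,explorer.exe
mWinlogon: Userinit = userinit.exe,
"""

# HijackThis "O4" Run entries and "F3" win.ini entries; DDS "uRun"/"mRun" and
# "uWinlogon"/"mWinlogon" entries (u = current-user hive, m = machine hive).
RUN_HJT = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
RUN_DDS = re.compile(r"^([um])Run: \[([^\]]+)\] (.+)$")
WININI_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(.*)$")
SHELL = re.compile(r"^[um]Winlogon: Shell = (.+)$", re.IGNORECASE)
HIVE = {"u": "HKCU", "m": "HKLM"}

# "rundll32 <dll>,<export>": capture the DLL argument (everything up to the comma).
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^,"]+)', re.IGNORECASE)

# Places a legitimate autostart target normally does not live (matched against
# the lower-cased command line). Heuristics chosen for this example.
SUSPICIOUS_LOCATIONS = [
    (re.compile(r"\\recycler\\"), "runs from the Recycle Bin folder"),
    (re.compile(r'\\documents and settings\\[^\\"]+\\[^\\"]+\.exe'),
     "executable sits directly in the user profile root"),
    (re.compile(r'\\application data\\(?:microsoft\\)?[^\\"]+\.exe'),
     "executable sits directly under Application Data"),
    (re.compile(r"\\temp\\"), "runs from a temp folder"),
]


@dataclass
class Finding:
    source: str                 # which setting the line came from
    name: str                   # Run value name or setting name
    command: str
    reasons: list = field(default_factory=list)


def assess_command(command: str) -> list:
    """Return the reasons (possibly none) that a command line looks suspicious."""
    reasons = []
    m = RUNDLL.match(command.strip())
    if m and "\\" not in m.group(1):
        reasons.append(f"rundll32 loads {m.group(1).strip()!r} by bare name; once the file "
                       "is removed, Windows shows the 'Error loading' dialog at every logon")
    low = command.lower()
    reasons.extend(why for pattern, why in SUSPICIOUS_LOCATIONS if pattern.search(low))
    return reasons


def triage(log_text: str) -> list:
    """Scan HijackThis / DDS pseudo-HJT lines and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_HJT.match(line) or RUN_DDS.match(line)
        if m:
            hive, name, command = m.groups()
            reasons = assess_command(command)
            if reasons:
                findings.append(Finding(f"Run ({HIVE.get(hive, hive)})", name, command, reasons))
            continue
        m = WININI_LOAD.match(line)
        if m and m.group(1).strip():
            target = m.group(1).strip()
            findings.append(Finding("win.ini", "load", target,
                                    ["win.ini load= is empty on a clean XP system"]
                                    + assess_command(target)))
            continue
        m = SHELL.match(line)
        if m:
            parts = [p.strip() for p in m.group(1).split(",")]
            extra = [p for p in parts if p and p.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding("Winlogon", "Shell", m.group(1),
                                        ["Shell should be explorer.exe only; it also launches "
                                         + ", ".join(extra)]
                                        + assess_command(extra[0])))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the full posted logs, the same six entries surface (MSIDLL, MSSMARTMON1, zaber0, the M0Ux... value, the win.ini load= line and the Winlogon Shell); the benign NvCplDaemon entry, which also uses rundll32 but with a full path, is not flagged.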
Cookiegal (Administrator & Malware Removal Specialist with 97,685 posts)
Join Date: Aug 2003
27-Nov-2012, 12:20 PM #2
It's related to malware. Your computer is infected. I will move this to the Virus & Other Malware Removal forum.

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop".

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.



Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Open the ark.txt file and copy and paste the contents of the log here please.
__________________
Microsoft MVP - Consumer Security
SklStrs2 (Member with 4 posts, thread starter)
Join Date: Nov 2012
01-Dec-2012, 10:47 PM #3
Thank you for the help. Sorry if it took so long for me to reply.
Here is the content of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by John Abarro at 7:44:53 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1185 [GMT 8:00]
.
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uProxyServer = proxy.smartbro.net:8080
uProxyOverride = <local>
uWinlogon: Shell = c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,explorer.exe
uWindows: Load = c:\documents and settings\john abarro\aaac_1.exe
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Facebook Update] "c:\documents and settings\john abarro\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [USB Threat Defender] c:\program files\arzoosoft solutions\usb threat defender\utdefender.exe /b
uRun: [MSIDLL] rundll32.exe msiqnv32.dll,eUhWLLiKt
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [M0UxOTBDNkYzMUMzNzkxMD] c:\documents and settings\john abarro\wuaucinfoc.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{DC9205CD-5017-4E64-92DB-14BBF57ACD9C} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs= avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john abarro\application data\mozilla\firefox\profiles\4e8c1wfh.default\
FF - prefs.js: browser.search.selectedEngine - Burst Files
FF - plugin: c:\documents and settings\john abarro\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\john abarro\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-04 17:22; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2012-11-25 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2012-11-25 26824]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2012-11-25 231704]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-11-12 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-10-6 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-10-6 54608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2012-2-22 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2012-2-22 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 170408]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [2012-2-19 1270120]
S3 GGSAFERDriver;GGSAFER Driver;\??\f:\gcart\gamedata\apps\go kart ph\releasephysx27\safedrv.sys --> f:\gcart\gamedata\apps\go kart ph\releasephysx27\safedrv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8a.tmp --> c:\windows\system32\8A.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-4-10 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-4-10 8576]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 XPTWOPORT;XP TWO PORT Intermediate Driver;c:\windows\system32\drivers\XPTWOPORT.sys [2012-2-19 15872]
.
=============== Created Last 30 ================
.
2012-11-27 14:56:16 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-11-27 14:56:14 -------- d-----w- c:\program files\Windows Cannot Find Fix Wizard
2012-11-27 12:06:18 388096 ----a-r- c:\documents and settings\john abarro\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-11-27 12:06:11 -------- d-----w- c:\program files\Trend Micro
2012-11-27 11:45:02 -------- dc----w- C:\Documents
2012-11-25 13:01:59 183296 --sha-r- c:\documents and settings\john abarro\wuaucinfoc.exe
2012-11-25 12:34:26 -------- dc-h--w- C:\$AVG8.VAULT$
2012-11-25 11:44:45 -------- d-----w- c:\program files\Sophos
2012-11-25 11:08:27 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2012-11-25 11:08:23 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-11-25 11:08:14 -------- d-----w- c:\windows\system32\drivers\Avg
2012-11-25 11:07:59 -------- d-----w- c:\program files\AVG
2012-11-25 11:07:59 -------- d-----w- c:\documents and settings\all users\application data\avg8
2012-11-25 02:08:35 183296 --sha-r- c:\documents and settings\john abarro\nvodbc.exe
2012-11-23 13:55:43 183296 --sha-r- c:\documents and settings\john abarro\prnper.exe
2012-11-23 13:44:57 183296 --sha-r- c:\documents and settings\john abarro\shcer.exe
2012-11-23 12:45:17 183296 --sha-r- c:\documents and settings\john abarro\aaac_1.exe
2012-11-20 14:22:32 29184 ----a-w- c:\documents and settings\john abarro\application data\microsoft\installer\{52c8faa0-68ca-4af9-8a7a-92cf3174cc77}\IconTmpl6.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.htm.tmp
2012-11-18 07:41:36 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-11-14 18:32:20 -------- d-----w- c:\documents and settings\john abarro\application data\fltk.org
2012-11-14 18:27:15 -------- d-----w- c:\program files\K-Lite Codec Pack
.
==================== Find3M ====================
.
2012-11-25 03:11:13 900 -csha-w- c:\windows\system32\KGyGaAvL.sys
2012-11-19 11:06:26 56 -csh--r- c:\windows\system32\A0196F9AFF.sys
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-14 11:49:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-10-09 17:43:07 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:43:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 07:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 07:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 05:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 7:45:57.71 ===============

And for the attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2011 9:09:01 PM
System Uptime: 12/2/2012 7:31:11 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-MX
Processor: Intel Pentium III processor | Socket 775 | 2500/417mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 2.436 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.561 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 0.312 GiB free.
F: is FIXED (NTFS) - 9 GiB total, 0.287 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&00
Service: NVENETFD
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5.1
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
ASUSUpdate
AVG Free 8.0
AVI ReComp 1.5.3
AviSynth 2.5
Canon iP1700
Dev-C++ 5 beta 9 release (4.9.9.2)
DScaler 5 Mpeg Decoders
Facebook Video Calling 1.2.0.287
ffdshow v1.1.3996 [2011-10-13]
Folder Lock
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HyperCam 2
IGG Web3D Player version 1.0.0.37
Java Auto Updater
Java(TM) 6 Update 37
K-Lite Codec Pack 9.4.0 (Full)
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MilkShape 3D 1.8.4
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
mpowerplayer
MSVC80_x86_v2
MSVCRT Redists
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Nokia Connectivity Cable Driver
NVIDIA Drivers
Ontrack EasyRecovery Professional
PC Connectivity Solution
PDF Settings CS5
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
RGSS-RTP Standard
RPG Maker VX RTP
RPGXP
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sophos Anti-Rootkit 1.5.4
Sothink SWF Quicker
swMSM
System Requirements Lab CYRI
System Requirements Lab Test
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 HomeCrafter Plus
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
TuneUp Utilities 2007
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Threat Defnder 1.0
Vegas Pro 10.0
VobSub 2.23
WebFldrs XP
Windows Cannot Find Fix Wizard
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows XP Service Pack 3
WinRAR 4.10 beta 3 (32-bit)
Xvid 1.3.0
Yahoo! Messenger
YTD Video Downloader 3.9.1
.
==== End Of File ===========================
And here is the content of the ark.txt file:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-02 10:45:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590
Running: 20snoihp.exe; Driver: C:\DOCUME~1\JOHNAB~1\LOCALS~1\Temp\kwldiuob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB293557B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB29354FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB29355A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB293550F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB293553B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB29355CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB29354E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB293558F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB2935525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB2935551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB2935567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB29355E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB29355B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B5C 7 Bytes JMP B29355BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB96CE360, 0x307F47, 0xE8000020]
? C:\DOCUME~1\JOHNAB~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DE00B3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DE0098
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DE0087
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DE0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DE0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DE0F88
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DE0F99
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DE00FF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DE0F66
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DE0110
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE006C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DE00C4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DE005B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DE0040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE0F77
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DD0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DD0F57
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DD0FAF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DD0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DD0F68
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DD0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DD0F83
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FD, 88]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DD0F94
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC0F81
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0F92
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC0FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0FAD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[476] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DB0000
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F41
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F5C
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F79
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0036
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F09
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0051
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0EB8
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0ED3
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0E9D
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0F94
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0011
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F26
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FDB
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0EE4
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FC0
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0F8A
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0FDB
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0011
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0047
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0000
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BC0FA5
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DC, 88]
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC002C
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB003D
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB002C
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FCD
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FBC
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010E0FE5
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010E006E
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010E005D
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010E0F79
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010E0F8A
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010E0FAF
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010E0F3C
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010E0F4D
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010E0EE1
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010E0EFC
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010E0095
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010E0036
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010E0FD4
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010E0F5E
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0DD 3 Bytes JMP 010E001B
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeW + 4 7C82F0E1 1 Byte [84]
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010E000A
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010E0F21
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0022
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FC0
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0044
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0033
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\services.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE0FE5
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DE004C
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DE0F57
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DE0F68
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DE0025
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DE0014
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DE0F0E
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DE0F2B
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DE0EE2
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DE0EF3
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DE0EC7
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE0F83
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE0FD4
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DE0F3C
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DE0FA8
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DE0FB9
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE007B
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DD0F9E
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DD0036
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DD0025
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DD005B
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DD0FB9
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FD, 88]
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DD0FCA
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00FC0
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00055
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00029
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00044
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00018
.text C:\WINDOWS\system32\lsass.exe[752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B30F3C
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B30F57
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B30F68
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B30F83
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B30014
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B30EFF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B30F10
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B3008E
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B3007D
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B3009F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30025
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B30F2B
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B30FB2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B3006C
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B20039
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B20065
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B20FDE
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B2000A
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B20FA8
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B2004A
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B20FC3
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10038
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B10027
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B10FB7
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B1000C
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B10FD2
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B00FE5
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0093
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0082
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF005B
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00BF
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF00A4
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00E1
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00D0
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0F23
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF004A
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F79
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0039
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F5C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0073
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0062
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0FC0
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FB7
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0042
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD001D
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FE3
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FD2
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD000C
.text C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02420000
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02420F66
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02420F77
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02420F92
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02420051
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02420FB9
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02420F30
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0242006C
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02420EFD
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02420F0E
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 024200A7
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02420040
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02420FE5
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02420F41
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02420FCA
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0242001B
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02420F1F
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0241000A
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02410F68
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02410FAF
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02410FD4
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02410F83
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02410FEF
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02410F94
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [61, 8A]
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0241001B
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02160F89
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!system 77C293C7 5 Bytes JMP 02160F9A
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02160000
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02160FE3
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02160FAB
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02160FD2
.text C:\WINDOWS\System32\svchost.exe[1100] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02150000
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenA 3D95D6B8 5 Bytes JMP 02130FE5
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenW 3D95DB31 5 Bytes JMP 02130FD4
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 02130FB9
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 02130000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F72
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065005D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065002F
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F57
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650093
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500D5
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F46
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006500E6
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F8D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650082
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500C4
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0064006F
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640FA8
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0063003D
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FB2
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FD7
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630011
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0000
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0FAA
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C0FBB
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0095
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0084
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C004E
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C00DC
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C00CB
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C0123
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C0108
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007C0134
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007C0069
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007C0011
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007C00B0
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007C0033
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007C0022
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007C00F7
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007B0FE5
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007B0F9E
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007B0036
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007B001B
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007B0FB9
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007B0051
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007B0FCA
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A0FA1
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A002C
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A0011
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0FEF
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A0FBC
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0000
.text C:\WINDOWS\System32\svchost.exe[1260] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A10000
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A10F4B
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A10040
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1002F
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A10F7C
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A10FA8
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A10F1F
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A1005B
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A10EF3
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A10F04
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A10ED8
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A10F8D
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A10F30
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A10FD4
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A10082
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A00FA8
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A00065
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A0004A
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A0002F
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009F002F
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 009F0FA4
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009F0FC6
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009F0FB5
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009F0000
.text C:\WINDOWS\System32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01260FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01260060
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01260F6B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01260045
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01260F7C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0126001E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01260087
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01260F3F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01260F09
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012600A2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012600BD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01260F97
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01260FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01260F50
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01260FA8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01260FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01260F24
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01240036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01240062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01240025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01240FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01240FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01240000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01240051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01240FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01230FB7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 01230FC8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0123002E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01230000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01230FD9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0123001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01220FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] WinInet.dll!InternetOpenA 3D95D6B8 5 Bytes JMP 00EF0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] WinInet.dll!InternetOpenW 3D95DB31 5 Bytes JMP 00EF0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] WinInet.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 00EF0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1612] WinInet.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 00EF0FA8
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F6D
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC006C
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0051
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0F9E
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0040
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0F24
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F4B
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC0EEE
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0087
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC00A2
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC0FAF
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC0FDE
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0F5C
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC002F
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC0014
.text C:\WINDOWS\Explorer.EXE[1792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC0F09
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB0FC3
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB0F8D
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB0F9E
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FB004A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0039
.text C:\WINDOWS\Explorer.EXE[1792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA0FD4
.text C:\WINDOWS\Explorer.EXE[1792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA005F
.text C:\WINDOWS\Explorer.EXE[1792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA003A
.text C:\WINDOWS\Explorer.EXE[1792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA0000
.text C:\WINDOWS\Explorer.EXE[1792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\Explorer.EXE[1792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA0029
.text C:\WINDOWS\Explorer.EXE[1792] WININET.dll!InternetOpenA 3D95D6B8 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\Explorer.EXE[1792] WININET.dll!InternetOpenW 3D95DB31 5 Bytes JMP 00F20FDE
.text C:\WINDOWS\Explorer.EXE[1792] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 00F20FCD
.text C:\WINDOWS\Explorer.EXE[1792] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 00F20FBC
.text C:\WINDOWS\Explorer.EXE[1792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F90FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
Cookiegal
Administrator & Malware Removal Specialist with 97,685 posts.
Join Date: Aug 2003
01-Dec-2012, 11:09 PM #4
Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
SklStrs2
Member with 4 posts.
THREAD STARTER
Join Date: Nov 2012
02-Dec-2012, 12:07 AM #5
I've done it:
ComboFix 12-12-01.02 - John Abarro 12/02/2012 11:51:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1147 [GMT 8:00]
Running from: c:\documents and settings\John Abarro\My Documents\Downloads\puppy.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\4A93E73.ini
c:\documents and settings\All Users\Application Data\686CE447FE.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\John Abarro\aaac_1.exe
c:\documents and settings\John Abarro\Application Data\.#
c:\documents and settings\John Abarro\nvodbc.exe
c:\documents and settings\John Abarro\prnper.exe
c:\documents and settings\John Abarro\shcer.exe
c:\documents and settings\John Abarro\WINDOWS
c:\documents and settings\John Abarro\wuaucinfoc.exe
c:\windows\Alcmtr.exe
c:\windows\system32\_005835_.tmp.dll
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\sqlite3.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-11-27 14:56 . 2011-02-17 10:44 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-11-27 14:56 . 2012-11-27 14:56 -------- d-----w- c:\program files\Windows Cannot Find Fix Wizard
2012-11-27 12:06 . 2012-11-27 12:06 388096 ----a-r- c:\documents and settings\John Abarro\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-27 12:06 . 2012-11-27 12:06 -------- d-----w- c:\program files\Trend Micro
2012-11-27 11:45 . 2012-11-27 11:45 -------- dc----w- C:\Documents
2012-11-25 12:34 . 2012-12-02 02:44 -------- dc----w- C:\$AVG8.VAULT$
2012-11-25 11:44 . 2012-11-25 11:44 -------- d-----w- c:\program files\Sophos
2012-11-25 11:08 . 2012-12-02 00:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2012-11-25 11:08 . 2012-12-02 00:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-11-25 11:08 . 2012-12-02 00:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-25 11:08 . 2012-12-02 00:27 -------- d-----w- c:\windows\system32\drivers\Avg
2012-11-25 11:07 . 2012-12-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2012-11-25 11:07 . 2012-11-25 11:07 -------- d-----w- c:\program files\AVG
2012-11-20 14:22 . 2012-11-20 14:30 29184 ----a-w- c:\documents and settings\John Abarro\Application Data\Microsoft\Installer\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}\IconTmpl6.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.htm.tmp
2012-11-14 18:32 . 2012-11-14 18:32 -------- d-----w- c:\documents and settings\John Abarro\Application Data\fltk.org
2012-11-14 18:27 . 2012-11-14 18:28 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-11-04 09:22 . 2012-11-04 09:22 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-14 11:49 . 2012-10-14 11:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-10-09 17:43 . 2012-09-21 14:45 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:43 . 2011-11-12 01:10 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 07:32 . 2012-09-19 14:11 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 07:32 . 2011-11-12 01:13 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 05:51 . 2012-09-19 14:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-11 01:06 . 2012-10-20 11:34 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\John Abarro\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-22 138096]
"USB Threat Defender"="c:\program files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" [2012-02-23 253440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2012-02-23 1699840]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2012-02-23 1892352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-02-12 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2012-12-02 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2012-2-19 1118208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2012-12-02 00:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\jun\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\John Abarro\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"=]
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RTLDHCP.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/25/2012 7:08 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/25/2012 7:08 PM 297752]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [2/19/2012 9:21 PM 1270120]
S3 GGSAFERDriver;GGSAFER Driver;\??\f:\gcart\GameData\Apps\GO Kart PH\Releasephysx27\safedrv.sys --> f:\gcart\GameData\Apps\GO Kart PH\Releasephysx27\safedrv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8A.tmp --> c:\windows\system32\8A.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/10/2012 6:13 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/10/2012 6:13 PM 8576]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 XPTWOPORT;XP TWO PORT Intermediate Driver;c:\windows\system32\drivers\XPTWOPORT.sys [2/19/2012 9:21 PM 15872]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 22:51]
.
2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 17:43]
.
2012-11-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-JOHN-ABARRO-John Abarro.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-31 09:42]
.
2012-11-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1220945662-1801674531-1003Core.job
- c:\documents and settings\John Abarro\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-03 05:17]
.
2012-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1220945662-1801674531-1003UA.job
- c:\documents and settings\John Abarro\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-03 05:17]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-21 14:21]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-21 14:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = proxy.smartbro.net:8080
uInternet Settings,ProxyOverride = <local>
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\John Abarro\Application Data\Mozilla\Firefox\Profiles\4e8c1wfh.default\
FF - prefs.js: browser.search.selectedEngine - Burst Files
FF - ExtSQL: 2012-11-04 17:22; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MSIDLL - msiqnv32.dll
HKLM-Run-M0UxOTBDNkYzMUMzNzkxMD - c:\documents and settings\John Abarro\wuaucinfoc.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-IGG Web3D Player_is1 - c:\documents and settings\John Abarro\Application Data\IGG\Web3D\1.0.0.37\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-02 12:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-02 12:05:43
ComboFix-quarantined-files.txt 2012-12-02 04:05
.
Pre-Run: 2,292,776,960 bytes free
Post-Run: 2,685,689,856 bytes free
.
- - End Of File - - 1C6D6DB3BBD02417EEEF8D1BBB86D418
Cookiegal
Administrator & Malware Removal Specialist with 97,685 posts.
Join Date: Aug 2003
02-Dec-2012, 04:22 PM #6
Did you create this folder?

C:\Documents

Because it's not a normal (or good) place to save things.
SklStrs2
Member with 4 posts.
THREAD STARTER
Join Date: Nov 2012
08-Dec-2012, 08:05 PM #7
Yes, I did. But I only made that folder because of the messages that appear on startup.
It says it can't find the folder. Can I delete it?
Cookiegal
Administrator & Malware Removal Specialist with 97,685 posts.
Join Date: Aug 2003
08-Dec-2012, 08:19 PM #8
There's no need to remove it if it serves a purpose, but you can if you don't need the contents any longer.

Please download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
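Two things in this thread are worth being able to check by hand: the orphaned HKCU Run value in the ComboFix log (a Run entry whose DLL no longer exists is exactly what makes rundll32 put up "Error loading msiqnv32.dll" at every logon), and the netsvcs service group that the OTL Netsvcs scan lists. The PowerShell below is an added example, not part of the thread and not OTL's or ComboFix's own code. It walks the Run/RunOnce keys of both hives, works out which file each command line actually loads, reports targets that are missing or that live under a user profile, and lists netsvcs members whose ServiceDll is missing or sits outside %SystemRoot%. It assumes PowerShell 2.0 or later in an administrator session; the function names and the rundll32 command-line parsing are my own, not anything the tools in the thread expose.

```powershell
# Added example (not from the thread, not OTL or ComboFix code).
# Assumes PowerShell 2.0+ in an elevated session; function names are my own.

function Resolve-CommandTarget {
    # Work out the file a Run value really loads.
    # rundll32 form:  rundll32.exe "c:\path\x.dll",Entry  -> c:\path\x.dll
    # plain form:     "c:\path\prog.exe" /args            -> c:\path\prog.exe
    # Unquoted paths that contain spaces are reported as their first token.
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd -match '^"?([^"]*?rundll32(?:\.exe)?)"?\s+"?([^",]+)') {
        $target = $Matches[2]
    } elseif ($cmd -match '^"([^"]+)"') {
        $target = $Matches[1]
    } else {
        $target = ($cmd -split '\s+')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($target)
}

function Test-TargetExists {
    # A bare name such as msiqnv32.dll is looked up the way the loader does it:
    # system directory, Windows directory, then each PATH entry.
    param([string]$Target)
    if ([System.IO.Path]::IsPathRooted($Target)) {
        return (Test-Path -LiteralPath $Target)
    }
    $dirs = @([Environment]::SystemDirectory, $env:windir) + ($env:Path -split ';')
    foreach ($d in $dirs) {
        if ($d -and (Test-Path -LiteralPath ($d.TrimEnd('\') + '\' + $Target))) { return $true }
    }
    return $false
}

function Get-RunEntries {
    # Enumerate Run/RunOnce in both hives and annotate every value.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            $target = Resolve-CommandTarget ([string]$prop.Value)
            # Something started from a user profile instead of Program Files or
            # %SystemRoot% deserves a look even when the file is present.
            $inProfile = ($target -like '*\Documents and Settings\*' -or $target -like '*\Users\*')
            New-Object PSObject -Property @{
                Key           = $key
                Name          = $prop.Name
                Command       = $prop.Value
                Target        = $target
                Exists        = (Test-TargetExists $target)
                InUserProfile = $inProfile
            }
        }
    }
}

function Get-NetsvcsMembers {
    # The netsvcs group is the list of service names one svchost.exe hosts.
    # A bogus member whose ServiceDll lives outside %SystemRoot% is what a
    # Netsvcs custom scan is meant to surface.
    $svchost = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($name in (Get-ItemProperty -Path $svchost).netsvcs) {
        $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
        $dll = $null
        if (Test-Path $params) { $dll = (Get-ItemProperty -Path $params).ServiceDll }
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        New-Object PSObject -Property @{
            Service           = $name
            ServiceDll        = $dll
            Exists            = [bool]($dll -and (Test-Path -LiteralPath $dll))
            OutsideSystemRoot = [bool]($dll -and ($dll -notlike "$env:windir\*"))
        }
    }
}

$run = Get-RunEntries
"== Run values whose target is missing (the source of a RUNDLL 'Error loading' message) =="
$run | Where-Object { -not $_.Exists } | Format-Table Key, Name, Target -AutoSize
"== Run values started from a user profile =="
$run | Where-Object { $_.InUserProfile } | Format-Table Name, Target -AutoSize
"== netsvcs members with a missing ServiceDll or one outside %SystemRoot% =="
Get-NetsvcsMembers | Where-Object { $_.ServiceDll -and (-not $_.Exists -or $_.OutsideSystemRoot) } |
    Format-Table Service, ServiceDll, Exists -AutoSize
```

On the machine in this thread the first table would have shown the MSIDLL value pointing at msiqnv32.dll with Exists = False, and the second would have shown the HKLM value pointing at wuaucinfoc.exe in the profile root; a missing target means the value can simply be deleted, while a present target in an odd location is the file to submit for analysis before touching anything.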
Tags
error, rundll, startup