
Malware/Virus Removal

Discussion in 'Virus & Other Malware Removal' started by richie71, Jan 21, 2013.

    richie71 Thread Starter

    I believe my PC is infected with a virus. Many times when opening Internet Explorer, the program immediately shuts itself down. The PC has been very slow lately also. Most times when I run Malwarebytes and Spybot it does find threats. Below are the files hijackthis log, dds.txt, attach.txt, and ark.txt. Thanks in advance for any help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:59 PM, on 1/21/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\secpro.exe
    C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\iSafe\wpk.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingE6409] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingF1391] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://secure.solutionset.com/XTSAC.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1356742133296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341751383043
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://stories.scrapbooksetc.com/create/DragDropUploader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Secure Storage (SecStore) - Unknown owner - C:\WINDOWS\system32\secpro.exe
    O23 - Service: Run software as Windows service (SKLProService) - Unknown owner - C:\Program Files\ProKAward\aklservice.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    --
    End of file - 10399 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Rich at 22:52:18 on 2013-01-21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2344 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\secpro.exe
    C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
    mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\isafe\wpk.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRunOnce: [SpybotDeletingF1391] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRunOnce: [SpybotDeletingE6409] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
    dRunOnce: [RunNarrator] Narrator.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://secure.solutionset.com/XTSAC.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356742133296
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341751383043
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{8AC4E8EC-C5A5-4B9A-AA86-3F43AB002F43} : DHCPNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-15 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-15 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 44808]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-21 1369624]
    R2 SecStore;Secure Storage;c:\windows\system32\secpro.exe [2012-3-4 61440]
    R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-11-28 548264]
    R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-10-16 386920]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-21 168384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
    S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]
    S3 SKLProService;Run software as Windows service;c:\program files\prokaward\aklservice.exe --> c:\program files\prokaward\aklservice.exe [?]
    .
    =============== Created Last 30 ================
    .
    2013-01-22 02:18:42 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-01-22 02:18:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-12-28 20:59:00 -------- d-----w- c:\program files\Air Stream Server
    2012-12-28 20:41:09 -------- d-----w- c:\documents and settings\rich\local settings\application data\Splashtop
    2012-12-28 20:38:51 -------- d-----w- c:\documents and settings\all users\application data\Splashtop
    2012-12-28 20:38:25 -------- d-----w- c:\program files\Splashtop
    2012-12-28 20:38:00 -------- d-----w- c:\documents and settings\rich\local settings\application data\{AB7CBD6B-0741-4997-8430-950DB17CC940}
    .
    ==================== Find3M ====================
    .
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2011-12-21 02:10:40 235008 --shatr- c:\windows\system32\FltEng.dll
    2011-12-21 02:12:54 61440 --shatr- c:\windows\system32\secpro.exe
    .
    ============= FINISH: 22:52:50.48 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/23/2008 6:25:28 PM
    System Uptime: 1/20/2013 7:34:57 AM (39 hours ago)
    .
    Motherboard: Dell Inc. | | 0FM586
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 462 GiB total, 227.831 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is FIXED (NTFS) - 699 GiB total, 146.909 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1626: 10/24/2012 10:44:17 PM - System Checkpoint
    RP1627: 10/25/2012 10:51:04 PM - System Checkpoint
    RP1628: 10/26/2012 11:57:39 PM - System Checkpoint
    RP1629: 10/28/2012 12:05:32 AM - System Checkpoint
    RP1630: 10/29/2012 1:05:33 AM - System Checkpoint
    RP1631: 10/30/2012 2:05:37 AM - System Checkpoint
    RP1632: 10/31/2012 3:05:37 AM - System Checkpoint
    RP1633: 11/1/2012 10:06:43 AM - System Checkpoint
    RP1634: 11/2/2012 10:27:12 AM - System Checkpoint
    RP1635: 11/3/2012 10:35:01 AM - System Checkpoint
    RP1636: 11/4/2012 9:52:57 AM - System Checkpoint
    RP1637: 11/5/2012 11:23:01 AM - System Checkpoint
    RP1638: 11/6/2012 11:55:28 AM - System Checkpoint
    RP1639: 11/7/2012 12:24:55 PM - System Checkpoint
    RP1640: 11/8/2012 12:35:24 PM - System Checkpoint
    RP1641: 11/9/2012 1:59:22 PM - System Checkpoint
    RP1642: 11/10/2012 2:06:22 PM - System Checkpoint
    RP1643: 11/11/2012 2:18:21 PM - System Checkpoint
    RP1644: 11/12/2012 3:40:59 PM - System Checkpoint
    RP1645: 11/13/2012 4:20:47 PM - System Checkpoint
    RP1646: 11/14/2012 4:23:40 PM - System Checkpoint
    RP1647: 11/15/2012 5:09:43 PM - System Checkpoint
    RP1648: 11/15/2012 5:18:46 PM - Software Distribution Service 3.0
    RP1649: 11/16/2012 5:43:44 PM - System Checkpoint
    RP1650: 11/17/2012 6:13:12 PM - System Checkpoint
    RP1651: 11/18/2012 6:34:55 PM - System Checkpoint
    RP1652: 11/19/2012 7:14:23 PM - System Checkpoint
    RP1653: 11/20/2012 8:13:17 PM - System Checkpoint
    RP1654: 11/21/2012 9:25:39 PM - System Checkpoint
    RP1655: 11/22/2012 9:45:29 PM - System Checkpoint
    RP1656: 11/23/2012 10:45:30 PM - System Checkpoint
    RP1657: 11/24/2012 11:45:31 PM - System Checkpoint
    RP1658: 11/26/2012 12:26:08 AM - System Checkpoint
    RP1659: 11/27/2012 12:26:15 AM - System Checkpoint
    RP1660: 11/28/2012 1:26:13 AM - System Checkpoint
    RP1661: 11/29/2012 2:38:13 AM - System Checkpoint
    RP1662: 11/30/2012 3:26:14 AM - System Checkpoint
    RP1663: 12/1/2012 3:38:17 AM - System Checkpoint
    RP1664: 12/2/2012 3:39:45 AM - System Checkpoint
    RP1665: 12/3/2012 4:01:49 AM - System Checkpoint
    RP1666: 12/4/2012 5:01:49 AM - System Checkpoint
    RP1667: 12/5/2012 5:53:36 AM - System Checkpoint
    RP1668: 12/6/2012 6:53:26 AM - System Checkpoint
    RP1669: 12/7/2012 7:17:44 AM - System Checkpoint
    RP1670: 12/8/2012 7:40:17 AM - System Checkpoint
    RP1671: 12/9/2012 7:52:20 AM - System Checkpoint
    RP1672: 12/10/2012 7:55:53 AM - System Checkpoint
    RP1673: 12/11/2012 9:42:35 AM - System Checkpoint
    RP1674: 12/12/2012 8:36:22 AM - Software Distribution Service 3.0
    RP1675: 12/13/2012 9:30:35 AM - System Checkpoint
    RP1676: 12/14/2012 10:28:29 AM - System Checkpoint
    RP1677: 12/15/2012 11:07:04 AM - System Checkpoint
    RP1678: 12/16/2012 12:13:18 PM - System Checkpoint
    RP1679: 12/17/2012 12:28:30 PM - System Checkpoint
    RP1680: 12/18/2012 12:42:34 PM - System Checkpoint
    RP1681: 12/19/2012 12:42:51 PM - System Checkpoint
    RP1682: 12/20/2012 12:43:55 PM - System Checkpoint
    RP1683: 12/21/2012 12:49:43 PM - System Checkpoint
    RP1684: 12/21/2012 10:42:59 PM - Software Distribution Service 3.0
    RP1685: 12/22/2012 10:45:07 PM - System Checkpoint
    RP1686: 12/23/2012 11:57:09 PM - System Checkpoint
    RP1687: 12/25/2012 6:51:06 AM - System Checkpoint
    RP1688: 12/26/2012 11:13:20 AM - System Checkpoint
    RP1689: 12/27/2012 11:56:16 AM - System Checkpoint
    RP1690: 12/28/2012 12:57:25 PM - System Checkpoint
    RP1691: 12/28/2012 3:38:18 PM - Installed Splashtop Streamer
    RP1692: 12/29/2012 3:39:20 PM - System Checkpoint
    RP1693: 12/30/2012 3:40:39 PM - System Checkpoint
    RP1694: 12/31/2012 3:51:34 PM - System Checkpoint
    RP1695: 1/1/2013 3:51:41 PM - System Checkpoint
    RP1696: 1/2/2013 5:12:13 PM - System Checkpoint
    RP1697: 1/3/2013 5:46:23 PM - System Checkpoint
    RP1698: 1/4/2013 1:20:27 PM - Software Distribution Service 3.0
    RP1699: 1/5/2013 1:48:33 PM - System Checkpoint
    RP1700: 1/6/2013 2:21:18 PM - System Checkpoint
    RP1701: 1/7/2013 3:06:19 PM - System Checkpoint
    RP1702: 1/8/2013 3:08:25 PM - System Checkpoint
    RP1703: 1/9/2013 1:46:19 PM - Software Distribution Service 3.0
    RP1704: 1/10/2013 2:06:19 PM - System Checkpoint
    RP1705: 1/11/2013 5:24:51 PM - System Checkpoint
    RP1706: 1/12/2013 6:24:06 PM - System Checkpoint
    RP1707: 1/13/2013 6:58:33 PM - System Checkpoint
    RP1708: 1/14/2013 7:25:43 PM - System Checkpoint
    RP1709: 1/15/2013 6:06:30 PM - Software Distribution Service 3.0
    RP1710: 1/16/2013 6:18:22 PM - System Checkpoint
    RP1711: 1/17/2013 6:43:41 PM - System Checkpoint
    RP1712: 1/18/2013 7:18:21 PM - System Checkpoint
    RP1713: 1/19/2013 7:18:42 PM - System Checkpoint
    RP1714: 1/20/2013 7:39:40 PM - System Checkpoint
    RP1715: 1/21/2013 10:11:31 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.3.4
    Adobe Reader X (10.1.5)
    Air Playit 1.6.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Catalyst Registration
    ATI Display Driver
    avast! Free Antivirus
    AviSynth 2.5
    Azureus
    Bonjour
    Browser Address Error Redirector
    CameraHelperMsi
    Canon Easy-PhotoPrint EX
    Canon MP Navigator 3.0
    Canon MP Navigator EX 4.0
    Canon MP280 series MP Drivers
    Canon MP280 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Utilities Easy-PhotoPrint
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    Combined Community Codec Pack 2009-09-09
    Compatibility Pack for the 2007 Office system
    CopyTrans Suite Remove Only
    Critical Update for Windows Media Player 11 (KB959772)
    Dell DataSafe Online
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Documentation & Support Launcher
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Easy-WebPrint
    erLT
    ESET Online Scanner v3
    ffdshow [rev 2019] [2008-06-22]
    Free YouTube to Mp3 Converter version 3.1
    Games, Music, & Photos Launcher
    GetFLV Pro 5.8
    GoFTP v2
    GoToAssist 8.0.0.514
    HandBrake 0.9.5
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImgBurn
    Intel(R) PRO Network Connections Drivers
    Internet Service Offers Launcher
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 5
    K-Lite Codec Pack 4.0.0 (Full)
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    Logitech Harmony Remote Software
    Logitech Harmony Remote Software 7
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic Video Converter Trial Version (English) 8.0.2.18
    Malwarebytes Anti-Malware version 1.70.0.1100
    MediaCoder Audio Edition 0.6.2
    MediaInfo 0.7.27
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MKVtoolnix 3.1.0
    MobileMe Control Panel
    Mp3tag v2.49
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Musicmatch for Windows Media Player
    Nero 8
    neroxml
    Photodex Presenter
    PhotoScape
    Pos Free Photo Editor
    PowerDVD
    ProShow Gold
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Replay Video Capture
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    ScanSoft OmniPage SE 4.0
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skins
    Skype Toolbars
    Skype™ 5.10
    Sonos Controller
    SpeedFan (remove only)
    Splashtop Streamer
    Spybot - Search & Destroy
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    VCRedistSetup
    Videora iPod Converter 6
    VLC media player 1.0.5
    VLC Streamer 2.04
    Vuze
    WebFldrs XP
    Winamp
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Youtube Grabber 4.2.9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/21/2013 9:19:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
    1/21/2013 9:19:00 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/21/2013 8:05:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    1/17/2013 7:04:34 AM, error: NetDDE [206] - Listen failed: 15:
    1/17/2013 7:04:23 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D099BB3ED has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    1/17/2013 7:03:56 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
    .
    ==== End Of File ===========================

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-21 22:57:54
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA5BA 465.76GB
    Running: goqvpuih.exe; Driver: C:\DOCUME~1\Rich\LOCALS~1\Temp\pfryrpoc.sys

    ---- System - GMER 2.0 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB057C4BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB0651C22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB057CED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB05BE811]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB0587FA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB0587FF4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB0588176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB05BE1C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB0587F16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB0588038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB0587F5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB057D11C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB0588130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB057D93E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB057C508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB05BEED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB05BF18D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB05811C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB05BED42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB05BEBAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB0651CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB057C170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB057C556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB0581534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB057E3A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB0587FD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB0588016]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB058819A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB05BE521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB0587F3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB0580C3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB05880BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB0587F86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB0580F14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB0588154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB0651E4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB05BEA28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB057E272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB05BE87A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB057DDD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB065E7D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB05BD838]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB057C5A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB057C5F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB057D7BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB057C1FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB057C3AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB05BEFDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB057C350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB057DAF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB057DC54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB057C41A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB057D4D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB057D636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB065041C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB057C640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB057CF1A]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB066AE56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!ZwCallbackReturn + 2C40 80504538 2 Bytes [11, E8] {ADC EAX, EBP}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CB0651C
    .text ntkrnlpa.exe!ZwCallbackReturn + 2E5C 80504754 4 Bytes [28, EA, 5B, B0]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2EA0 80504798 4 Bytes [7A, E8, 5B, B0]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, C5, 57, B0, F2, C5, 57, ...]
    .text ...
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B057EA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B0667CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B0669810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B066AE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F52000, 0x18FFBC, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B0582B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B0582A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B05829F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP B05820A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP B05817C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP B0582CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP B0582EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP B05828FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP B0581688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP B058216A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP B0581C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP B0581EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP B0581670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP B0582A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP B0581CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP B0581E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP B0582182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP B0582BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP B0582E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP B0582090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP B0581834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP B0581944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP B0581A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP B0581B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP B058156A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP B05820C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP B0581760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP B05818F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP B0581FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP B0582D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Rich\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\WINDOWS\System32\smss.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[732] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1320] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B71014
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B70804
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B70A08
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B70C0C
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B70E10
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B701F8
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B703FC
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B70600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006A1014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006A0C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006A0E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006A03FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006B0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006B0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006B0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006B01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006B03FC
    .text C:\WINDOWS\system32\netdde.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\netdde.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\netdde.exe[1420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\netdde.exe[1420] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007B1014
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007B0804
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007B0A08
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007B0C0C
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007B0E10
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007B01F8
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007B03FC
    .text C:\WINDOWS\system32\netdde.exe[1420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007B0600
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1504] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[1676] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009C1014
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009C0804
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009C0A08
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009C0C0C
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009C0E10
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC
    .text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009C0600
    .text C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[1720] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\Explorer.EXE[1720] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\Explorer.EXE[1720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CA0804
    .text C:\WINDOWS\Explorer.EXE[1720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CA0A08
    .text C:\WINDOWS\Explorer.EXE[1720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00CA0600
    .text C:\WINDOWS\Explorer.EXE[1720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00CA01F8
    .text C:\WINDOWS\Explorer.EXE[1720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00CA03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01B11014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01B10804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01B10A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01B10C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01B10E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 01B101F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01B103FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01B10600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00791014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00790804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00790A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00790C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00790E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1900] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00790600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00811014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00810804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00810A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00810C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00810E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008101F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008103FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00810600
    .text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2124] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe[2200] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2244] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[2252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
    .text C:\WINDOWS\system32\IoctlSvc.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\IoctlSvc.exe[2372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\IoctlSvc.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\IoctlSvc.exe[2372] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
    .text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
    .text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[2396] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[2412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\winlogon.exe[2412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[2412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\winlogon.exe[2412] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004A1014
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004A0804
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004A0A08
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004A0C0C
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004A0E10
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004A01F8
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004A03FC
    .text C:\WINDOWS\system32\winlogon.exe[2412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004A0600
    .text C:\WINDOWS\system32\winlogon.exe[2412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D60804
    .text C:\WINDOWS\system32\winlogon.exe[2412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D60A08
    .text C:\WINDOWS\system32\winlogon.exe[2412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D60600
    .text C:\WINDOWS\system32\winlogon.exe[2412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D601F8
    .text C:\WINDOWS\system32\winlogon.exe[2412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D603FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C71014
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C70804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C70A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C70C0C
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C70E10
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C701F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C703FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C70600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01260804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01260A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01260600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 012601F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 012603FC
    .text C:\WINDOWS\system32\secpro.exe[2484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\secpro.exe[2484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\secpro.exe[2484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\secpro.exe[2484] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2516] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00EB1014
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00EB0804
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00EB0A08
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00EB0C0C
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00EB0E10
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00EB01F8
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00EB03FC
    .text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00EB0600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B41014
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B40804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B40A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B40C0C
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B40E10
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B401F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B403FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B40600
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00E71014
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00E70804
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00E70A08
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00E70C0C
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00E70E10
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00E701F8
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E703FC
    .text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2680] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00E70600
    .text C:\WINDOWS\system32\svchost.exe[2708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[2708] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A61014
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A60804
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A60A08
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A60C0C
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A60E10
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A601F8
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A603FC
    .text C:\WINDOWS\system32\svchost.exe[2708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A60600
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Documents and Settings\Rich\Desktop\goqvpuih.exe[2872] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B71014
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B70804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B70A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B70C0C
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B70E10
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B701F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B703FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B70600
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00EF1014
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00EF0804
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00EF0A08
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00EF0C0C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00EF0E10
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00EF01F8
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00EF03FC
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00EF0600
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CD0804
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CD0A08
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00CD0600
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00CD01F8
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00CD03FC
    .text C:\WINDOWS\system32\csrss.exe[3028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[3028] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3568] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    ---- User IAT/EAT - GMER 2.0 ----
    IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
    IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
    ---- EOF - GMER 2.0 ----
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,003
    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  6. richie71

    richie71 Thread Starter

    Joined:
    Sep 27, 2009
    Messages:
    43
    Hi, thanks for the response! I will paste the ComboFix log below. One thing I want to make you aware of: from the time I put this request in to your response, I have reset IE settings back to default using the Microsoft 'Fix It' tool on their site. It has helped to keep Explorer from shutting down, so I'm not sure if something got corrupted and that was the main issue or just a side effect of the malware/virus I may have gotten. Here is the log...

    ComboFix 13-02-06.01 - Rich 02/06/2013 16:10:17.5.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2351 [GMT -5:00]
    Running from: c:\documents and settings\Rich\Desktop\puppy.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Guest\Application Data\Toolbar4
    c:\documents and settings\Guest\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
    c:\documents and settings\Guest\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
    c:\documents and settings\Rich\Application Data\Toolbar4
    c:\documents and settings\Rich\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
    c:\documents and settings\Rich\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-06 18:04 . 2013-02-06 18:04 -------- d-----w- c:\windows\LastGood
    2013-02-05 23:43 . 2013-02-05 23:53 -------- d-----w- c:\documents and settings\Julie
    2013-02-05 22:58 . 2013-02-05 22:58 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\Sun
    2013-02-05 22:58 . 2013-02-05 22:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-05 22:58 . 2013-02-05 22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-22 02:18 . 2013-01-24 22:59 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-05 22:57 . 2008-05-21 17:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-05 22:57 . 2010-04-24 14:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2012-12-16 12:23 . 2004-08-10 16:50 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49 . 2009-01-31 16:05 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25 . 2004-08-10 16:51 1866368 ----a-w- c:\windows\system32\win32k.sys
    2011-12-21 02:10 235008 --shatr- c:\windows\system32\FltEng.dll
    2011-12-21 02:12 61440 --shatr- c:\windows\system32\secpro.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-05-21 17:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2007-07-16 23:48 69632 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-12-14 22:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
    2007-10-04 22:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    2004-02-19 09:23 61440 ----a-w- c:\dell\bldbubg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-03-25 02:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-04-02 14:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-02-28 22:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2011-08-12 17:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
    2012-12-14 21:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-12-14 21:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-02-18 21:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-04-28 21:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-07-16 23:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-30 04:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 16:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\GoFTP\\GoFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe"=
    "c:\\Program Files\\Hobbyist Software\\VLC Streamer\\mdnsresponder.exe"=
    "c:\\Program Files\\Digiarty\\Air_Playit\\AirPS.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10757:UDP"= 10757:UDP:UDP 10757
    "22665:TCP"= 22665:TCP:TCP 22665
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/26/2011 4:35 PM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/15/2009 5:16 AM 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/15/2009 5:16 AM 21256]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
    S2 SecStore;Secure Storage;c:\windows\system32\secpro.exe [3/4/2012 11:48 PM 61440]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 11:51 AM 14336]
    S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
    S3 SKLProService;Run software as Windows service;c:\program files\ProKAward\aklservice.exe --> c:\program files\ProKAward\aklservice.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
    .
    2013-02-06 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-22 23:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    MSConfigStartUp-freeklogger - c:\program files\FK_Monitor\freeklogger.exe
    MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-06 16:13
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    .
    Completion time: 2013-02-06 16:15:15
    ComboFix-quarantined-files.txt 2013-02-06 21:15
    ComboFix2.txt 2012-02-26 00:27
    .
    Pre-Run: 445,555,990,528 bytes free
    Post-Run: 445,789,196,288 bytes free
    .
    - - End Of File - - 1E13BD01F6FA84E7B33F477F3897991A
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,003
    Were you aware that you had a keylogger on the system? ComboFix has removed leftovers from it.

    Download OTS.exe to your Desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Double-click on OTS.exe to start the program.
    4. At the top put a check mark in the box beside "Scan All Users".
    5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
    6. Now click the Run Scan button on the toolbar.
    7. Let it run unhindered until it finishes.
    8. When the scan is complete Notepad will open with the report file loaded in it.
    9. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  8. richie71

    richie71 Thread Starter

    Joined:
    Sep 27, 2009
    Messages:
    43
    I was aware of the keylogger, uninstalled quite a while ago, but apparently not completely.

    OTS.Txt attached.

    thanks!
     

    Attached Files:

    • OTS.Txt
      File size:
      113.3 KB
      Views:
      1
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,003
    Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.

    Code:
    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    YY -> HKLM\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} -> C:\PROGRAM FILES\COUPONS.COM COUPONBAR\FIREFOX\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\COUPONS.COM.XPI
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
    [Files/Folders - Created Within 30 Days]
    NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files - No Company Name]
    NY ->  svcdotnet.inc -> C:\Documents and Settings\All Users\Application Data\svcdotnet.inc
    NY ->  svcdotnet.cfg -> C:\Documents and Settings\All Users\Application Data\svcdotnet.cfg
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [Start Explorer]
    [Reboot] 
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,003
    You should also remove the following from your Trusted Sites zone because putting them there effectively allows anything from those sites to bypass security measures on your machine:

    amazon.com
    hulu.com
    netflix.com
    youtube.com
     
  11. richie71

    richie71 Thread Starter

    Joined:
    Sep 27, 2009
    Messages:
    43
    Hi, Log file of the previous fix code that was run is below. Also, I did not see the sites you mentioned in the 'Trusted Zone' sites under IE... there was nothing there. Thanks.

    All Processes Killed
    [Registry - Safe List]
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\ not found.
    File C:\PROGRAM FILES\COUPONS.COM COUPONBAR\FIREFOX\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\COUPONS.COM.XPI not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
    [Files/Folders - Created Within 30 Days]
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    [Files - No Company Name]
    C:\Documents and Settings\All Users\Application Data\svcdotnet.inc moved successfully.
    C:\Documents and Settings\All Users\Application Data\svcdotnet.cfg moved successfully.
    [Empty Temp Folders]


    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 355799 bytes
    ->Flash cache emptied: 1517 bytes

    User: Julie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 492 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Rich
    ->Temp folder emptied: 13919 bytes
    ->Temporary Internet Files folder emptied: 2703654 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Julie
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Rich
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: Guest

    User: Julie

    User: LocalService

    User: NetworkService

    User: Rich
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02072013_173652
    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    Registry entries deleted on Reboot...
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,003
    Go to Start - Run and copy and paste the following then click OK:

    Code:
    regedit /e C:\look.txt "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt.

    Then follow the same procedure to run this command:

    Code:
    regedit /e C:\look2.txt "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    The log for the second export will be named C:\look2.txt. Please upload both logs as attachments as they will be very long.
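
One way to review the two exports requested above for Trusted Sites entries, added here as an example and not part of the original posts. It assumes the standard `regedit /e` text layout; the domains in `SAMPLE` are constructed and the function names are this example's own.

```python
import re

# Constructed sample in the layout regedit /e writes; not taken from the thread's attachments.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-shop.test]
"*"=dword:00000002

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-video.test\www]
"http"=dword:00000002

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.test]
"*"=dword:00000004
'''

# Internet Explorer zone numbers, stored as the DWORD data of each ZoneMap value.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=dword:(?P<data>[0-9a-fA-F]{8})$')
MARKER = "\\zonemap\\domains\\"

def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def zone_assignments(text):
    """Yield (site, protocol, zone) for each value under the Domains key."""
    site = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            pos = key.lower().find(MARKER)
            # Subkeys are <domain>[\<subdomain>]; reverse them into host order.
            site = ".".join(reversed(key[pos + len(MARKER):].split("\\"))) if pos >= 0 else None
            continue
        m = VAL_RE.match(line)
        if m and site:
            yield site, m.group("name") or "(default)", int(m.group("data"), 16)

def trusted_sites(text):
    """Sites mapped to zone 2, the entries the helper asked to have removed."""
    return sorted({s for s, _, z in zone_assignments(text) if z == 2})

def report(text):
    return [f"{s} [{p}] -> {ZONES.get(z, z)}" for s, p, z in zone_assignments(text)]
```

Reading `C:\look.txt` in binary mode and passing the bytes through `decode_export` before `trusted_sites` handles the Unicode export without a manual conversion step.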
     
  13. richie71

    richie71 Thread Starter

    Joined:
    Sep 27, 2009
    Messages:
    43
    All set. Logs attached.
     
  14. richie71

    richie71 Thread Starter

    Joined:
    Sep 27, 2009
    Messages:
    43
    Says upload failed when I try to attach the look.txt files. I'll try again but I'm not sure why they won't attach.
     
  15. richie71

    richie71 Thread Starter

    Joined:
    Sep 27, 2009
    Messages:
    43
    Maybe they were too big. I zipped them and attached.
     

    Attached Files:

Short URL to this thread: https://techguy.org/1086345