Malware/Virus Removal


richie71 (Thread Starter; joined Sep 27, 2009; 43 messages)

I believe my PC is infected with a virus. Many times when opening Internet Explorer the program immediately shuts itself down. The PC has been very slow lately also. Most times when I run Malwarebytes and Spybot it does find threats. Below are the files hijackthis log, dds.txt, attach.txt, and ark.txt. Thanks in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:59 PM, on 1/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\secpro.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\iSafe\wpk.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6409] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1391] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://secure.solutionset.com/XTSAC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1356742133296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341751383043
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://stories.scrapbooksetc.com/create/DragDropUploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Secure Storage (SecStore) - Unknown owner - C:\WINDOWS\system32\secpro.exe
O23 - Service: Run software as Windows service (SKLProService) - Unknown owner - C:\Program Files\ProKAward\aklservice.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 10399 bytes


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Rich at 22:52:18 on 2013-01-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2344 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\secpro.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\isafe\wpk.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRunOnce: [SpybotDeletingF1391] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [SpybotDeletingE6409] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://secure.solutionset.com/XTSAC.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356742133296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341751383043
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{8AC4E8EC-C5A5-4B9A-AA86-3F43AB002F43} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-15 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-15 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 44808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-21 1369624]
R2 SecStore;Secure Storage;c:\windows\system32\secpro.exe [2012-3-4 61440]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-11-28 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-10-16 386920]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-21 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]
S3 SKLProService;Run software as Windows service;c:\program files\prokaward\aklservice.exe --> c:\program files\prokaward\aklservice.exe [?]
.
=============== Created Last 30 ================
.
2013-01-22 02:18:42 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-22 02:18:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-28 20:59:00 -------- d-----w- c:\program files\Air Stream Server
2012-12-28 20:41:09 -------- d-----w- c:\documents and settings\rich\local settings\application data\Splashtop
2012-12-28 20:38:51 -------- d-----w- c:\documents and settings\all users\application data\Splashtop
2012-12-28 20:38:25 -------- d-----w- c:\program files\Splashtop
2012-12-28 20:38:00 -------- d-----w- c:\documents and settings\rich\local settings\application data\{AB7CBD6B-0741-4997-8430-950DB17CC940}
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2011-12-21 02:10:40 235008 --shatr- c:\windows\system32\FltEng.dll
2011-12-21 02:12:54 61440 --shatr- c:\windows\system32\secpro.exe
.
============= FINISH: 22:52:50.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/23/2008 6:25:28 PM
System Uptime: 1/20/2013 7:34:57 AM (39 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 462 GiB total, 227.831 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 699 GiB total, 146.909 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1626: 10/24/2012 10:44:17 PM - System Checkpoint
RP1627: 10/25/2012 10:51:04 PM - System Checkpoint
RP1628: 10/26/2012 11:57:39 PM - System Checkpoint
RP1629: 10/28/2012 12:05:32 AM - System Checkpoint
RP1630: 10/29/2012 1:05:33 AM - System Checkpoint
RP1631: 10/30/2012 2:05:37 AM - System Checkpoint
RP1632: 10/31/2012 3:05:37 AM - System Checkpoint
RP1633: 11/1/2012 10:06:43 AM - System Checkpoint
RP1634: 11/2/2012 10:27:12 AM - System Checkpoint
RP1635: 11/3/2012 10:35:01 AM - System Checkpoint
RP1636: 11/4/2012 9:52:57 AM - System Checkpoint
RP1637: 11/5/2012 11:23:01 AM - System Checkpoint
RP1638: 11/6/2012 11:55:28 AM - System Checkpoint
RP1639: 11/7/2012 12:24:55 PM - System Checkpoint
RP1640: 11/8/2012 12:35:24 PM - System Checkpoint
RP1641: 11/9/2012 1:59:22 PM - System Checkpoint
RP1642: 11/10/2012 2:06:22 PM - System Checkpoint
RP1643: 11/11/2012 2:18:21 PM - System Checkpoint
RP1644: 11/12/2012 3:40:59 PM - System Checkpoint
RP1645: 11/13/2012 4:20:47 PM - System Checkpoint
RP1646: 11/14/2012 4:23:40 PM - System Checkpoint
RP1647: 11/15/2012 5:09:43 PM - System Checkpoint
RP1648: 11/15/2012 5:18:46 PM - Software Distribution Service 3.0
RP1649: 11/16/2012 5:43:44 PM - System Checkpoint
RP1650: 11/17/2012 6:13:12 PM - System Checkpoint
RP1651: 11/18/2012 6:34:55 PM - System Checkpoint
RP1652: 11/19/2012 7:14:23 PM - System Checkpoint
RP1653: 11/20/2012 8:13:17 PM - System Checkpoint
RP1654: 11/21/2012 9:25:39 PM - System Checkpoint
RP1655: 11/22/2012 9:45:29 PM - System Checkpoint
RP1656: 11/23/2012 10:45:30 PM - System Checkpoint
RP1657: 11/24/2012 11:45:31 PM - System Checkpoint
RP1658: 11/26/2012 12:26:08 AM - System Checkpoint
RP1659: 11/27/2012 12:26:15 AM - System Checkpoint
RP1660: 11/28/2012 1:26:13 AM - System Checkpoint
RP1661: 11/29/2012 2:38:13 AM - System Checkpoint
RP1662: 11/30/2012 3:26:14 AM - System Checkpoint
RP1663: 12/1/2012 3:38:17 AM - System Checkpoint
RP1664: 12/2/2012 3:39:45 AM - System Checkpoint
RP1665: 12/3/2012 4:01:49 AM - System Checkpoint
RP1666: 12/4/2012 5:01:49 AM - System Checkpoint
RP1667: 12/5/2012 5:53:36 AM - System Checkpoint
RP1668: 12/6/2012 6:53:26 AM - System Checkpoint
RP1669: 12/7/2012 7:17:44 AM - System Checkpoint
RP1670: 12/8/2012 7:40:17 AM - System Checkpoint
RP1671: 12/9/2012 7:52:20 AM - System Checkpoint
RP1672: 12/10/2012 7:55:53 AM - System Checkpoint
RP1673: 12/11/2012 9:42:35 AM - System Checkpoint
RP1674: 12/12/2012 8:36:22 AM - Software Distribution Service 3.0
RP1675: 12/13/2012 9:30:35 AM - System Checkpoint
RP1676: 12/14/2012 10:28:29 AM - System Checkpoint
RP1677: 12/15/2012 11:07:04 AM - System Checkpoint
RP1678: 12/16/2012 12:13:18 PM - System Checkpoint
RP1679: 12/17/2012 12:28:30 PM - System Checkpoint
RP1680: 12/18/2012 12:42:34 PM - System Checkpoint
RP1681: 12/19/2012 12:42:51 PM - System Checkpoint
RP1682: 12/20/2012 12:43:55 PM - System Checkpoint
RP1683: 12/21/2012 12:49:43 PM - System Checkpoint
RP1684: 12/21/2012 10:42:59 PM - Software Distribution Service 3.0
RP1685: 12/22/2012 10:45:07 PM - System Checkpoint
RP1686: 12/23/2012 11:57:09 PM - System Checkpoint
RP1687: 12/25/2012 6:51:06 AM - System Checkpoint
RP1688: 12/26/2012 11:13:20 AM - System Checkpoint
RP1689: 12/27/2012 11:56:16 AM - System Checkpoint
RP1690: 12/28/2012 12:57:25 PM - System Checkpoint
RP1691: 12/28/2012 3:38:18 PM - Installed Splashtop Streamer
RP1692: 12/29/2012 3:39:20 PM - System Checkpoint
RP1693: 12/30/2012 3:40:39 PM - System Checkpoint
RP1694: 12/31/2012 3:51:34 PM - System Checkpoint
RP1695: 1/1/2013 3:51:41 PM - System Checkpoint
RP1696: 1/2/2013 5:12:13 PM - System Checkpoint
RP1697: 1/3/2013 5:46:23 PM - System Checkpoint
RP1698: 1/4/2013 1:20:27 PM - Software Distribution Service 3.0
RP1699: 1/5/2013 1:48:33 PM - System Checkpoint
RP1700: 1/6/2013 2:21:18 PM - System Checkpoint
RP1701: 1/7/2013 3:06:19 PM - System Checkpoint
RP1702: 1/8/2013 3:08:25 PM - System Checkpoint
RP1703: 1/9/2013 1:46:19 PM - Software Distribution Service 3.0
RP1704: 1/10/2013 2:06:19 PM - System Checkpoint
RP1705: 1/11/2013 5:24:51 PM - System Checkpoint
RP1706: 1/12/2013 6:24:06 PM - System Checkpoint
RP1707: 1/13/2013 6:58:33 PM - System Checkpoint
RP1708: 1/14/2013 7:25:43 PM - System Checkpoint
RP1709: 1/15/2013 6:06:30 PM - Software Distribution Service 3.0
RP1710: 1/16/2013 6:18:22 PM - System Checkpoint
RP1711: 1/17/2013 6:43:41 PM - System Checkpoint
RP1712: 1/18/2013 7:18:21 PM - System Checkpoint
RP1713: 1/19/2013 7:18:42 PM - System Checkpoint
RP1714: 1/20/2013 7:39:40 PM - System Checkpoint
RP1715: 1/21/2013 10:11:31 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.4
Adobe Reader X (10.1.5)
Air Playit 1.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Display Driver
avast! Free Antivirus
AviSynth 2.5
Azureus
Bonjour
Browser Address Error Redirector
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon MP Navigator 3.0
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Utilities Easy-PhotoPrint
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB959772)
Dell DataSafe Online
Dell Driver Download Manager
Dell Driver Reset Tool
Documentation & Support Launcher
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
erLT
ESET Online Scanner v3
ffdshow [rev 2019] [2008-06-22]
Free YouTube to Mp3 Converter version 3.1
Games, Music, & Photos Launcher
GetFLV Pro 5.8
GoFTP v2
GoToAssist 8.0.0.514
HandBrake 0.9.5
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 5
K-Lite Codec Pack 4.0.0 (Full)
LeapFrog Connect
LeapFrog Leapster2 Plugin
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Video Converter Trial Version (English) 8.0.2.18
Malwarebytes Anti-Malware version 1.70.0.1100
MediaCoder Audio Edition 0.6.2
MediaInfo 0.7.27
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKVtoolnix 3.1.0
MobileMe Control Panel
Mp3tag v2.49
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
Nero 8
neroxml
Photodex Presenter
PhotoScape
Pos Free Photo Editor
PowerDVD
ProShow Gold
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Replay Video Capture
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
Skype Toolbars
Skype™ 5.10
Sonos Controller
SpeedFan (remove only)
Splashtop Streamer
Spybot - Search & Destroy
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
VCRedistSetup
Videora iPod Converter 6
VLC media player 1.0.5
VLC Streamer 2.04
Vuze
WebFldrs XP
Winamp
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Youtube Grabber 4.2.9
.
==== Event Viewer Messages From Past Week ========
.
1/21/2013 9:19:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
1/21/2013 9:19:00 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 8:05:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/17/2013 7:04:34 AM, error: NetDDE [206] - Listen failed: 15:
1/17/2013 7:04:23 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D099BB3ED has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
1/17/2013 7:03:56 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
.
==== End Of File ===========================

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-21 22:57:54
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA5BA 465.76GB
Running: goqvpuih.exe; Driver: C:\DOCUME~1\Rich\LOCALS~1\Temp\pfryrpoc.sys

---- System - GMER 2.0 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB057C4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB0651C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB057CED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB05BE811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB0587FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB0587FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB0588176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB05BE1C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB0587F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB0588038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB0587F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB057D11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB0588130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB057D93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB057C508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB05BEED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB05BF18D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB05811C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB05BED42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB05BEBAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB0651CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB057C170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB057C556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB0581534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB057E3A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB0587FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB0588016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB058819A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB05BE521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB0587F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB0580C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB05880BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB0587F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB0580F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB0588154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB0651E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB05BEA28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB057E272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB05BE87A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB057DDD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB065E7D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB05BD838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB057C5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB057C5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB057D7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB057C1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB057C3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB05BEFDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB057C350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB057DAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB057DC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB057C41A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB057D4D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB057D636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB065041C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB057C640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB057CF1A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB066AE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C40 80504538 2 Bytes [11, E8] {ADC EAX, EBP}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CB0651C
.text ntkrnlpa.exe!ZwCallbackReturn + 2E5C 80504754 4 Bytes [28, EA, 5B, B0]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EA0 80504798 4 Bytes [7A, E8, 5B, B0]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, C5, 57, B0, F2, C5, 57, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B057EA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B0667CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B0669810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B066AE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F52000, 0x18FFBC, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B0582B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B0582A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B05829F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP B05820A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP B05817C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP B0582CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP B0582EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP B05828FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP B0581688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP B058216A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP B0581C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP B0581EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP B0581670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP B0582A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP B0581CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP B0581E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP B0582182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP B0582BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP B0582E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP B0582090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP B0581834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP B0581944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP B0581A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP B0581B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP B058156A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP B05820C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP B0581760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP B05818F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP B0581FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP B0582D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Rich\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----
.text C:\WINDOWS\System32\smss.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[732] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
---- EOF - GMER 2.0 ----
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,576
Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
 

richie71

Hi, Thanks for the response! I will paste the ComboFix log below. One thing I want to make you aware of.. from the time I put this request in to your response I have reset IE settings back to default using the Microsoft 'Fix It' tool on their site. It has helped to keep explorer from shutting down so I'm not sure if something got corrupted and that was the main issue or just a side effect of the malware/virus I may have gotten. Here is the log...

ComboFix 13-02-06.01 - Rich 02/06/2013 16:10:17.5.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2351 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\puppy.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Guest\Application Data\Toolbar4
c:\documents and settings\Guest\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
c:\documents and settings\Guest\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
c:\documents and settings\Rich\Application Data\Toolbar4
c:\documents and settings\Rich\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
c:\documents and settings\Rich\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
.
.
2013-02-06 18:04 . 2013-02-06 18:04 -------- d-----w- c:\windows\LastGood
2013-02-05 23:43 . 2013-02-05 23:53 -------- d-----w- c:\documents and settings\Julie
2013-02-05 22:58 . 2013-02-05 22:58 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\Sun
2013-02-05 22:58 . 2013-02-05 22:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-05 22:58 . 2013-02-05 22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 02:18 . 2013-01-24 22:59 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-05 22:57 . 2008-05-21 17:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-05 22:57 . 2010-04-24 14:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23 . 2004-08-10 16:50 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2009-01-31 16:05 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-10 16:51 1866368 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 02:10 235008 --shatr- c:\windows\system32\FltEng.dll
2011-12-21 02:12 61440 --shatr- c:\windows\system32\secpro.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-21 17:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-16 23:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 22:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 22:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 09:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 14:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 22:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 17:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-12-14 21:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-12-14 21:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 21:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 21:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-16 23:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 04:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 16:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GoFTP\\GoFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\mdnsresponder.exe"=
"c:\\Program Files\\Digiarty\\Air_Playit\\AirPS.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10757:UDP"= 10757:UDP:UDP 10757
"22665:TCP"= 22665:TCP:TCP 22665
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/26/2011 4:35 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/15/2009 5:16 AM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/15/2009 5:16 AM 21256]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
S2 SecStore;Secure Storage;c:\windows\system32\secpro.exe [3/4/2012 11:48 PM 61440]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 11:51 AM 14336]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 SKLProService;Run software as Windows service;c:\program files\ProKAward\aklservice.exe --> c:\program files\ProKAward\aklservice.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-02-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-22 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
MSConfigStartUp-freeklogger - c:\program files\FK_Monitor\freeklogger.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-06 16:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2013-02-06 16:15:15
ComboFix-quarantined-files.txt 2013-02-06 21:15
ComboFix2.txt 2012-02-26 00:27
.
Pre-Run: 445,555,990,528 bytes free
Post-Run: 445,789,196,288 bytes free
.
- - End Of File - - 1E13BD01F6FA84E7B33F477F3897991A
 

Cookiegal

Were you aware that you had a keylogger on the system? ComboFix has removed leftovers from it.

Download OTS.exe to your Desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Double-click on OTS.exe to start the program.
  4. At the top put a check mark in the box beside "Scan All Users".
  5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
  6. Now click the Run Scan button on the toolbar.
  7. Let it run unhindered until it finishes.
  8. When the scan is complete Notepad will open with the report file loaded in it.
  9. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

richie71

I was aware of the keylogger, uninstalled quite a while ago, but apparently not completely.

OTS.Txt attached.

thanks!
 


Cookiegal

Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.

Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} -> C:\PROGRAM FILES\COUPONS.COM COUPONBAR\FIREFOX\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\COUPONS.COM.XPI
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files - No Company Name]
NY ->  svcdotnet.inc -> C:\Documents and Settings\All Users\Application Data\svcdotnet.inc
NY ->  svcdotnet.cfg -> C:\Documents and Settings\All Users\Application Data\svcdotnet.cfg
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
 

Cookiegal

You should also remove the following from your Trusted Sites zone because putting them there effectively allows anything from those sites to bypass security measures on your machine:

amazon.com
hulu.com
netflix.com
youtube.com
 

richie71

Hi, Log file of the previous fix code that was run is below. Also, I did not see the sites you mentioned in the 'Trusted Zone' sites under IE... there was nothing there. Thanks.

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\ not found.
File C:\PROGRAM FILES\COUPONS.COM COUPONBAR\FIREFOX\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\COUPONS.COM.XPI not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files - No Company Name]
C:\Documents and Settings\All Users\Application Data\svcdotnet.inc moved successfully.
C:\Documents and Settings\All Users\Application Data\svcdotnet.cfg moved successfully.
[Empty Temp Folders]


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 355799 bytes
->Flash cache emptied: 1517 bytes

User: Julie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Rich
->Temp folder emptied: 13919 bytes
->Temporary Internet Files folder emptied: 2703654 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Julie
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Rich
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Guest

User: Julie

User: LocalService

User: NetworkService

User: Rich
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02072013_173652
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,576
Go to Start - Run and copy and paste the following then click OK:

Code:
regedit /e C:\look.txt "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt.

Then follow the same procedure to run this command:

Code:
regedit /e C:\look2.txt "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
The log for the second export will be named C:\look2.txt. Please upload both logs as attachments as they will be very long.
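
An added example, not part of the original post: a Python sketch that reads an export like the `C:\look.txt` produced above and lists the hosts mapped to the Trusted Sites zone (zone value 2). The sample export is constructed, and the function names are this example's own.

```python
import re

# Zone numbers used by Internet Explorer's ZoneMap values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
MARKER = "\\zonemap\\domains"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"(.*)"=dword:([0-9a-fA-F]{8})$')

def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def parse_zonemap(text):
    """Return (host, protocol, zone) for every mapping under ZoneMap\\Domains."""
    entries, host = [], None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(MARKER)
            tail = path[idx + len(MARKER):] if idx >= 0 else ""
            # Keys are Domains\<domain>[\<subdomain>]; rebuild the host name.
            parts = [p for p in tail.split("\\") if p]
            host = ".".join(reversed(parts)) or None
            continue
        val = VAL_RE.match(line)
        if val and host:
            # Value name is the protocol ("*" = all), data is the zone number.
            entries.append((host, val.group(1), int(val.group(2), 16)))
    return entries

def trusted_sites(entries):
    """Hosts and protocols assigned to zone 2 (Trusted Sites)."""
    return sorted({(h, proto) for h, proto, zone in entries if zone == 2})

# Constructed sample export (not data from this thread's attachments).
BASE = ("HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion"
        "\\Internet Settings\\ZoneMap\\Domains")
SAMPLE = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00", "", f"[{BASE}]", "",
    f"[{BASE}\\amazon.com]", '"*"=dword:00000002', "",
    f"[{BASE}\\hulu.com\\www]", '"http"=dword:00000002', "",
    f"[{BASE}\\blocked.example]", '"*"=dword:00000004', "",
]).encode("utf-16-le")

if __name__ == "__main__":
    for host, proto in trusted_sites(parse_zonemap(decode_export(SAMPLE))):
        print(f"{host} ({proto}) -> {ZONES[2]}")
```

To run it against a real export, read the file in binary mode and pass the bytes to `decode_export`.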
 

richie71

Thread Starter
Joined
Sep 27, 2009
Messages
43
Says upload failed when I try to attach the look.txt files. I'll try again but I'm not sure why they won't attach.
 