Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Slow Computer - McAfee Scan turns itself Off


Post by nNeedofHelp » September 26th, 2011, 5:37 pm

Please Help!!

Computer running really slow. McAfee says computer at risk, real time scanning turns itself off.

Have booted in safe-mode and run MWB. Had error pum.bad.proxy. Had MWB fix, and problem still exists.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by cdhastings at 14:19:35 on 2011-09-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.439 [GMT -7:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Windows\vVX6000.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.att.net/ie4/search/index.html
uStart Page = hxxp://att.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.att.net
mSearch Page = hxxp://www.att.net/ie4/search/index.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110914193132.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\cdhast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-l ... cfscan.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AC4CB9C9-08B7-470B-A78B-66A8A247A437} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-1 461864]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-1 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-1 164776]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-1 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-1 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-1 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-1 338040]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-1 87808]
.
=============== Created Last 30 ================
.
2011-09-26 20:55:48 388096 ----a-r- c:\users\cdhastings\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-26 20:55:20 -------- d-----w- c:\program files\Trend Micro
2011-09-14 10:02:46 -------- d-----w- C:\551981fce3c7ff94a607b0f044e9
2011-09-14 00:32:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-09-22 22:06:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 17:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 17:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 17:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 17:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 17:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 17:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 17:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 17:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 17:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 17:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 14:23:43.69 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/10/2007 4:56:00 PM
System Uptime: 9/26/2011 9:31:41 AM (5 hours ago)
.
Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1900/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 78.175 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.464 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
==== System Restore Points ===================
.
RP983: 8/9/2011 10:46:54 PM - Scheduled Checkpoint
RP984: 8/10/2011 3:00:33 AM - Windows Update
RP985: 8/10/2011 11:26:12 PM - Scheduled Checkpoint
RP986: 8/15/2011 7:48:40 AM - Scheduled Checkpoint
RP987: 8/17/2011 4:16:14 PM - Scheduled Checkpoint
RP988: 8/23/2011 11:13:26 AM - Scheduled Checkpoint
RP989: 8/24/2011 3:00:36 AM - Windows Update
RP990: 8/28/2011 11:05:24 PM - Scheduled Checkpoint
RP991: 8/29/2011 2:05:08 PM - Scheduled Checkpoint
RP992: 9/7/2011 3:00:50 AM - Windows Update
RP993: 9/14/2011 3:00:29 AM - Windows Update
RP994: 9/15/2011 11:23:25 PM - Windows Update
RP996: 9/25/2011 11:10:39 AM - Scheduled Checkpoint
RP997: 9/26/2011 1:53:17 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.4.6
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
AT&T Yahoo! Music Jukebox
Audit Support Center 1.0
Bing Bar
Bing Rewards Client Installer
Bonjour
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Personal Printing Guide
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Chinese Traditional Fonts Support For Adobe Reader 9
Conexant D850 PCI V.92 Modem
Corel Snapfire Plus
Coupon Printer for Windows
CyberView X - SF v1.18c
Dell Driver Download Manager
Dell Games
Dell Support Center
Dell System Customization Wizard
DellSupport
Digital Line Detect
Documentation & Support Launcher
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Highlight Viewer (Windows Live Toolbar)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iGolf Neo Sync Application v3.0.2
Internet Service Offers Launcher
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Palm Desktop
Photo Viewer
PL-2303 USB Driver
PL-2303 Vista Driver Installer
Presto! PageManager 7.15.16
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio MyDVD Premier
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
VoiceOver Kit
WexTech AnswerWorks
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/26/2011 2:04:35 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 2:04:35 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 2:04:35 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 2:04:35 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 2:04:35 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 2:04:35 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/25/2011 11:15:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/24/2011 9:19:51 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 7:02:26 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 1:50:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/22/2011 1:47:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
9/22/2011 1:47:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 1:46:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/22/2011 1:46:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/22/2011 1:46:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/22/2011 1:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/22/2011 1:46:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/22/2011 1:32:16 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/22/2011 1:30:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/22/2011 1:29:15 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/22/2011 1:08:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/19/2011 12:05:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
9/19/2011 12:05:14 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2011 12:04:14 AM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
9/19/2011 12:04:14 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/19/2011 12:04:13 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.
9/19/2011 11:32:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
.
==== End Of File ===========================
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm

Re: Slow Computer - McAfee Scan turms itself Off

Unread postby deltalima » September 27th, 2011, 4:27 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow Computer - McAfee Scan turms itself Off

Unread postby deltalima » September 27th, 2011, 4:36 pm

Hi nNeedofHelp,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow Computer - McAfee Scan turms itself Off

Unread postby nNeedofHelp » September 27th, 2011, 7:02 pm

Thank you for your time. It is greatly appreciated!!

OTL

OTL logfile created on: 9/27/2011 3:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\cdhastings\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 322.36 Mb Available Physical Memory | 33.66% Memory free
2.13 Gb Paging File | 0.95 Gb Available in Paging File | 44.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 77.53 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.46 Gb Free Space | 54.64% Space Free | Partition Type: NTFS

Computer Name: CDHASTINGS-PC | User Name: cdhastings | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cdhastings\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\McAfee\MSK\mskapbho.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Lang\att-en-us\ymetray-att-en-us.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (0301061317089297mcinstcleanup) McAfee Application Installer Cleanup (0301061317089297) -- C:\Windows\Temp\0301061317089297mcinst.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LMIRescue) -- C:\Windows\LMIDC.tmp\rescue.exe (LogMeIn, Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (mr7910) -- C:\Windows\System32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.att.net/ie4/search/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811



IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.att.net/ie4/search/index.html
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.att.net/ [binary data]
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/26 23:29:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/09/26 14:12:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/09/26 19:12:06 | 000,000,000 | ---D | M]

[2011/02/21 22:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdhastings\AppData\Roaming\Mozilla\Extensions
[2011/02/21 22:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdhastings\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Yahoo! ()
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110914193132.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-64214283-4165003091-436595274-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-64214283-4165003091-436595274-1000..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC4CB9C9-08B7-470B-A78B-66A8A247A437}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\cdhastings\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\cdhastings\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 15:43:07 | 004,228,780 | ---- | C] (Swearware) -- C:\Users\cdhastings\Desktop\ComboFix.exe
[2011/09/26 15:21:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\cdhastings\Desktop\OTL.exe
[2011/09/26 15:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/09/26 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\cdhastings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/26 13:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/14 03:02:46 | 000,000,000 | ---D | C] -- C:\551981fce3c7ff94a607b0f044e9
[2006/09/14 09:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 15:55:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/27 15:48:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 15:48:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 15:47:33 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/27 15:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 12:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 12:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/09/26 15:44:32 | 004,228,780 | ---- | M] (Swearware) -- C:\Users\cdhastings\Desktop\ComboFix.exe
[2011/09/26 15:40:12 | 000,302,592 | ---- | M] () -- C:\Users\cdhastings\Desktop\icjvc6po.exe
[2011/09/26 15:21:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\cdhastings\Desktop\OTL.exe
[2011/09/26 15:07:08 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/09/26 15:06:49 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/09/26 15:06:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6aa46af8380.job
[2011/09/26 13:55:38 | 000,001,958 | ---- | M] () -- C:\Users\cdhastings\Desktop\HiJackThis.lnk
[2011/09/22 15:06:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/20 23:07:39 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/15 23:35:02 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/15 23:35:02 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/14 20:13:49 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/14 12:46:30 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 15:40:08 | 000,302,592 | ---- | C] () -- C:\Users\cdhastings\Desktop\icjvc6po.exe
[2011/09/26 13:55:38 | 000,001,958 | ---- | C] () -- C:\Users\cdhastings\Desktop\HiJackThis.lnk
[2011/02/21 18:03:58 | 000,028,423 | ---- | C] () -- C:\Windows\System32\iGolfneosync_uninst.exe
[2011/02/21 16:04:53 | 000,000,023 | ---- | C] () -- C:\Windows\Neo Firmware Update.INI
[2010/10/09 13:23:31 | 000,000,680 | ---- | C] () -- C:\Users\cdhastings\AppData\Local\d3d9caps.dat
[2009/10/14 22:09:43 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/08/18 12:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 12:25:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/21 17:52:42 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/04/21 13:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\PF1800LC.Dll
[2009/04/21 13:27:38 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PWiaExt.dll
[2009/04/21 13:27:38 | 000,010,624 | ---- | C] () -- C:\Windows\System32\GENEUSB.SYS
[2009/04/21 13:27:38 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\GENEUSB.SYS
[2009/04/21 13:27:37 | 000,155,648 | ---- | C] () -- C:\Windows\System32\daspi32u.dll
[2009/04/21 13:27:37 | 000,106,496 | ---- | C] () -- C:\Windows\System32\IO_PORT.DLL
[2009/04/21 13:27:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\FVC.DLL
[2009/04/21 13:27:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SQ1394.DLL
[2009/04/21 13:27:37 | 000,000,234 | ---- | C] () -- C:\Windows\Scanner.ini
[2009/01/31 13:13:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/28 14:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\marscam.ini
[2008/11/21 18:21:53 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/11/21 18:19:45 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/10/16 23:51:40 | 000,000,023 | ---- | C] () -- C:\Windows\System32\presets.ini
[2007/10/09 18:38:17 | 000,000,560 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/10/09 18:34:59 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2007/09/11 20:26:25 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/04 14:15:50 | 000,000,162 | ---- | C] () -- C:\Windows\WinInit.Ini
[2007/09/01 23:01:54 | 000,001,316 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/05/20 18:45:19 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2007/05/17 21:49:14 | 000,040,448 | ---- | C] () -- C:\Users\cdhastings\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 15:46:44 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2007/01/03 05:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,322,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/02/12 07:12:54 | 000,000,181 | ---- | C] () -- C:\Windows\System32\lxbrcoin.ini

< End of report >

Extras

OTL Extras logfile created on: 9/27/2011 3:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\cdhastings\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 322.36 Mb Available Physical Memory | 33.66% Memory free
2.13 Gb Paging File | 0.95 Gb Available in Paging File | 44.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 77.53 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.46 Gb Free Space | 54.64% Space Free | Partition Type: NTFS

Computer Name: CDHASTINGS-PC | User Name: cdhastings | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- IExplore
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6649ADCD-C380-4C0A-A9AF-7684CCF64946}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B33749E-F72B-4320-94E1-DF181BD7768D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{6D467BDA-BB6D-4C83-A4EA-04362D0938DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{8DDB1483-DDA2-4779-99B1-2E16B1DB1B04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CAE76304-B3EC-47DD-A998-69F88893E786}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6FB4D5D-6835-4C54-8796-250E0BBE1C30}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10355AF4-154F-4B1A-AC60-A07101C114F6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{11330F3F-418F-4851-87FC-F2EA74C53E80}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{182E629E-9F55-4030-B669-E7C925931BD1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1A6D2493-A977-4702-9DED-E7E8DCE92C12}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1B84C457-EE41-4BE6-B8F5-27F3F405495A}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{2135C42B-0757-439D-A0EA-AE7D503CC96C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{247E14B0-4A65-4AD0-A3A9-EB030F3AD450}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{24EEE298-D778-4F27-862E-1BCFB4689DE2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3102EA34-783D-4DC7-9E2A-E10B8E2BD5F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{333BF356-DFF9-4AE3-8E6C-14C67FA165E3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3922D231-7937-48A6-A63A-FBFAED7360A4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{4FD84A35-96BC-4EB7-A305-3D7FE5C2D9DF}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{524895F9-C1DC-4BFD-9995-7E90A0E82D7F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{534F0B37-9746-4CDD-B5E9-A8967F147A99}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5D9AAEC9-86BD-4BEC-B265-C17AF8A007FD}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{609DD491-3A12-4BA3-A1C3-D537D1C3C4EC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{61CB1D9F-3A3B-4DC3-A35C-36AACF056C7F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{658C2FBE-AB78-46F0-892B-C1AEADD91930}" = protocol=6 | dir=in | app=c:\program files\yahoo!\upnp\yupnpsrv.exe |
"{67A92A80-610A-4A80-8146-C4705579FAED}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{7AFA31C3-1D68-4C1A-9BE0-2D824FFC9AB3}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{83757A2E-AB19-4D7E-B397-8459997B1709}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{87A6CFE3-A4D0-4FDC-922D-94957941F8BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B523354-8A68-46D9-8B85-971EEE3AD2B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92824F26-CD14-42D6-83F1-54D49F2E9C06}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{9D46FE9A-7727-4657-AF7F-85A7E20FF256}" = protocol=17 | dir=in | app=c:\program files\yahoo!\upnp\yupnpsrv.exe |
"{9F82C13F-06A0-4EE9-8960-84F57F530347}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{A3DBEFC6-E512-44D5-8BEC-AE3470B72314}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{A4E0A750-EB75-452C-8116-5DAD3E8E36CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A66A8FFF-B490-45D0-9205-D799E6F309F4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B2C4DDE3-567E-42F2-ACDB-AC0975404725}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B6B335A9-930F-4FE8-BBFB-666AB94A7355}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B7549DFD-3D41-44D1-9944-6C6F7FFD231A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7626C8B-D217-42E4-9E9F-8B952CD9A198}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BB0A52A0-07DF-4B51-B0E5-02E7CBFCE345}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{C1B65F82-FE58-4B00-A366-29670818C741}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{C2ACB6C1-4BB3-4FD9-BEAA-2668521665FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2CA34E2-916B-4787-B4C8-13D754B731F0}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{CA18A851-7307-48E3-89D7-493310EDEE63}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{CA347680-01E0-4D35-B237-D7ADF1B78F02}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{CD211DDE-5AE0-47DA-A986-2F7B2286EDB6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{D1B4610B-E0E8-49DF-B2BA-9C673EED90AB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{DC9BB12E-0E4C-4A29-8EA0-7FEDAEA503CB}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{F19AD552-439C-43E1-92AC-4EFE488A335A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F2E17BC7-7A04-40EA-A908-4CDC351D34DB}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{F365411E-F1EC-41CE-8043-F92B085C5BF1}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{FE329779-B3BE-466D-9228-CC1C7DF86282}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{FF8C865E-2064-46DB-8640-0D55E963D669}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"TCP Query User{28F0AEB9-1B12-48A4-B7BC-C6422CE13924}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D8DB1604-8EE7-4A85-95E0-4B8FA574775F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D8FF6E29-36B4-474F-A88F-973087650C00}" = CyberView X - SF v1.18c
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Audit Support Center" = Audit Support Center 1.0
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Support Center" = Dell Support Center
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iGolf Neo Sync" = iGolf Neo Sync Application v3.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PL2303" = PL-2303 USB Driver
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WildTangent dell Master Uninstall" = Dell Games
"Windows Live Toolbar" = Windows Live Toolbar
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Pilot Desktop" = Palm Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2009 4:07:16 PM | Computer Name = CDHASTINGS-PC | Source = VSS | ID = 8194
Description =

Error - 3/15/2009 1:05:37 AM | Computer Name = CDHASTINGS-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module mshtml.dll, version 7.0.6001.18203, time stamp 0x496ed0f3,
exception code 0xc0000005, fault offset 0x00097a4e, process id 0x12d4, application
start time 0x01c9a523d72a2ce3.

Error - 4/12/2009 12:50:27 AM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2300 (0x8fc) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.414
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll by C:\Program Files\Internet Explorer\iexplore.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 4/15/2009 4:19:57 PM | Computer Name = CDHASTINGS-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 4/15/2009 4:19:57 PM | Computer Name = CDHASTINGS-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 4/21/2009 4:26:54 PM | Computer Name = CDHASTINGS-PC | Source = VSS | ID = 8194
Description =

Error - 4/30/2009 11:56:27 AM | Computer Name = CDHASTINGS-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 5/3/2009 2:29:19 AM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2492 (0x9bc) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopSetup.exe by C:\Windows\System32\svchost.exe 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/3/2009 6:23:06 PM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2932 (0xb74) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll by C:\Program Files\Internet Explorer\iexplore.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 5/3/2009 6:34:02 PM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3352 (0xd18) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll by C:\Program Files\Internet Explorer\iexplore.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ Media Center Events ]
Error - 8/19/2009 3:25:27 PM | Computer Name = CDHASTINGS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/25/2011 2:15:19 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 6:06:36 PM | Computer Name = CDHASTINGS-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:04:38 PM on 9/26/2011 was unexpected.

Error - 9/26/2011 6:08:16 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 1:47:47 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
nNeedofHelp

Re: Slow Computer - McAfee Scan turns itself Off

by nNeedofHelp » September 27th, 2011, 7:04 pm

Thank you for your time. It is greatly appreciated!!

OTL

OTL logfile created on: 9/27/2011 3:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\cdhastings\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 322.36 Mb Available Physical Memory | 33.66% Memory free
2.13 Gb Paging File | 0.95 Gb Available in Paging File | 44.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 77.53 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.46 Gb Free Space | 54.64% Space Free | Partition Type: NTFS

Computer Name: CDHASTINGS-PC | User Name: cdhastings | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cdhastings\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\McAfee\MSK\mskapbho.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Lang\att-en-us\ymetray-att-en-us.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (0301061317089297mcinstcleanup) McAfee Application Installer Cleanup (0301061317089297) -- C:\Windows\Temp\0301061317089297mcinst.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LMIRescue) -- C:\Windows\LMIDC.tmp\rescue.exe (LogMeIn, Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation)
DRV - (mr7910) -- C:\Windows\System32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.att.net/ie4/search/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811



IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.att.net/ie4/search/index.html
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.att.net/ [binary data]
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-64214283-4165003091-436595274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/26 23:29:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/09/26 14:12:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/09/26 19:12:06 | 000,000,000 | ---D | M]

[2011/02/21 22:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdhastings\AppData\Roaming\Mozilla\Extensions
[2011/02/21 22:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdhastings\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Yahoo! ()
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110914193132.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-64214283-4165003091-436595274-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-64214283-4165003091-436595274-1000..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC4CB9C9-08B7-470B-A78B-66A8A247A437}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\cdhastings\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\cdhastings\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 15:43:07 | 004,228,780 | ---- | C] (Swearware) -- C:\Users\cdhastings\Desktop\ComboFix.exe
[2011/09/26 15:21:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\cdhastings\Desktop\OTL.exe
[2011/09/26 15:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/09/26 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\cdhastings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/26 13:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/14 03:02:46 | 000,000,000 | ---D | C] -- C:\551981fce3c7ff94a607b0f044e9
[2006/09/14 09:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 15:55:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/27 15:48:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 15:48:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 15:47:33 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/27 15:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 12:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 12:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/09/26 15:44:32 | 004,228,780 | ---- | M] (Swearware) -- C:\Users\cdhastings\Desktop\ComboFix.exe
[2011/09/26 15:40:12 | 000,302,592 | ---- | M] () -- C:\Users\cdhastings\Desktop\icjvc6po.exe
[2011/09/26 15:21:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\cdhastings\Desktop\OTL.exe
[2011/09/26 15:07:08 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/09/26 15:06:49 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/09/26 15:06:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6aa46af8380.job
[2011/09/26 13:55:38 | 000,001,958 | ---- | M] () -- C:\Users\cdhastings\Desktop\HiJackThis.lnk
[2011/09/22 15:06:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/20 23:07:39 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/15 23:35:02 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/15 23:35:02 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/14 20:13:49 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/14 12:46:30 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 15:40:08 | 000,302,592 | ---- | C] () -- C:\Users\cdhastings\Desktop\icjvc6po.exe
[2011/09/26 13:55:38 | 000,001,958 | ---- | C] () -- C:\Users\cdhastings\Desktop\HiJackThis.lnk
[2011/02/21 18:03:58 | 000,028,423 | ---- | C] () -- C:\Windows\System32\iGolfneosync_uninst.exe
[2011/02/21 16:04:53 | 000,000,023 | ---- | C] () -- C:\Windows\Neo Firmware Update.INI
[2010/10/09 13:23:31 | 000,000,680 | ---- | C] () -- C:\Users\cdhastings\AppData\Local\d3d9caps.dat
[2009/10/14 22:09:43 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/08/18 12:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 12:25:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/21 17:52:42 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/04/21 13:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\PF1800LC.Dll
[2009/04/21 13:27:38 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PWiaExt.dll
[2009/04/21 13:27:38 | 000,010,624 | ---- | C] () -- C:\Windows\System32\GENEUSB.SYS
[2009/04/21 13:27:38 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\GENEUSB.SYS
[2009/04/21 13:27:37 | 000,155,648 | ---- | C] () -- C:\Windows\System32\daspi32u.dll
[2009/04/21 13:27:37 | 000,106,496 | ---- | C] () -- C:\Windows\System32\IO_PORT.DLL
[2009/04/21 13:27:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\FVC.DLL
[2009/04/21 13:27:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SQ1394.DLL
[2009/04/21 13:27:37 | 000,000,234 | ---- | C] () -- C:\Windows\Scanner.ini
[2009/01/31 13:13:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/28 14:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\marscam.ini
[2008/11/21 18:21:53 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/11/21 18:19:45 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/10/16 23:51:40 | 000,000,023 | ---- | C] () -- C:\Windows\System32\presets.ini
[2007/10/09 18:38:17 | 000,000,560 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/10/09 18:34:59 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2007/09/11 20:26:25 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/04 14:15:50 | 000,000,162 | ---- | C] () -- C:\Windows\WinInit.Ini
[2007/09/01 23:01:54 | 000,001,316 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/05/20 18:45:19 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2007/05/17 21:49:14 | 000,040,448 | ---- | C] () -- C:\Users\cdhastings\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 15:46:44 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2007/01/03 05:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,322,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/02/12 07:12:54 | 000,000,181 | ---- | C] () -- C:\Windows\System32\lxbrcoin.ini

< End of report >

Extras

OTL Extras logfile created on: 9/27/2011 3:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\cdhastings\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 322.36 Mb Available Physical Memory | 33.66% Memory free
2.13 Gb Paging File | 0.95 Gb Available in Paging File | 44.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 77.53 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.46 Gb Free Space | 54.64% Space Free | Partition Type: NTFS

Computer Name: CDHASTINGS-PC | User Name: cdhastings | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- IExplore
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6649ADCD-C380-4C0A-A9AF-7684CCF64946}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B33749E-F72B-4320-94E1-DF181BD7768D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{6D467BDA-BB6D-4C83-A4EA-04362D0938DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{8DDB1483-DDA2-4779-99B1-2E16B1DB1B04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CAE76304-B3EC-47DD-A998-69F88893E786}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6FB4D5D-6835-4C54-8796-250E0BBE1C30}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10355AF4-154F-4B1A-AC60-A07101C114F6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{11330F3F-418F-4851-87FC-F2EA74C53E80}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{182E629E-9F55-4030-B669-E7C925931BD1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1A6D2493-A977-4702-9DED-E7E8DCE92C12}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1B84C457-EE41-4BE6-B8F5-27F3F405495A}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{2135C42B-0757-439D-A0EA-AE7D503CC96C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{247E14B0-4A65-4AD0-A3A9-EB030F3AD450}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{24EEE298-D778-4F27-862E-1BCFB4689DE2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3102EA34-783D-4DC7-9E2A-E10B8E2BD5F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{333BF356-DFF9-4AE3-8E6C-14C67FA165E3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3922D231-7937-48A6-A63A-FBFAED7360A4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{4FD84A35-96BC-4EB7-A305-3D7FE5C2D9DF}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{524895F9-C1DC-4BFD-9995-7E90A0E82D7F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{534F0B37-9746-4CDD-B5E9-A8967F147A99}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5D9AAEC9-86BD-4BEC-B265-C17AF8A007FD}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{609DD491-3A12-4BA3-A1C3-D537D1C3C4EC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{61CB1D9F-3A3B-4DC3-A35C-36AACF056C7F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{658C2FBE-AB78-46F0-892B-C1AEADD91930}" = protocol=6 | dir=in | app=c:\program files\yahoo!\upnp\yupnpsrv.exe |
"{67A92A80-610A-4A80-8146-C4705579FAED}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{7AFA31C3-1D68-4C1A-9BE0-2D824FFC9AB3}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{83757A2E-AB19-4D7E-B397-8459997B1709}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{87A6CFE3-A4D0-4FDC-922D-94957941F8BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B523354-8A68-46D9-8B85-971EEE3AD2B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92824F26-CD14-42D6-83F1-54D49F2E9C06}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{9D46FE9A-7727-4657-AF7F-85A7E20FF256}" = protocol=17 | dir=in | app=c:\program files\yahoo!\upnp\yupnpsrv.exe |
"{9F82C13F-06A0-4EE9-8960-84F57F530347}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{A3DBEFC6-E512-44D5-8BEC-AE3470B72314}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{A4E0A750-EB75-452C-8116-5DAD3E8E36CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A66A8FFF-B490-45D0-9205-D799E6F309F4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B2C4DDE3-567E-42F2-ACDB-AC0975404725}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B6B335A9-930F-4FE8-BBFB-666AB94A7355}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B7549DFD-3D41-44D1-9944-6C6F7FFD231A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7626C8B-D217-42E4-9E9F-8B952CD9A198}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BB0A52A0-07DF-4B51-B0E5-02E7CBFCE345}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{C1B65F82-FE58-4B00-A366-29670818C741}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{C2ACB6C1-4BB3-4FD9-BEAA-2668521665FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2CA34E2-916B-4787-B4C8-13D754B731F0}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{CA18A851-7307-48E3-89D7-493310EDEE63}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{CA347680-01E0-4D35-B237-D7ADF1B78F02}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{CD211DDE-5AE0-47DA-A986-2F7B2286EDB6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{D1B4610B-E0E8-49DF-B2BA-9C673EED90AB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{DC9BB12E-0E4C-4A29-8EA0-7FEDAEA503CB}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{F19AD552-439C-43E1-92AC-4EFE488A335A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F2E17BC7-7A04-40EA-A908-4CDC351D34DB}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{F365411E-F1EC-41CE-8043-F92B085C5BF1}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{FE329779-B3BE-466D-9228-CC1C7DF86282}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{FF8C865E-2064-46DB-8640-0D55E963D669}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"TCP Query User{28F0AEB9-1B12-48A4-B7BC-C6422CE13924}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D8DB1604-8EE7-4A85-95E0-4B8FA574775F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D8FF6E29-36B4-474F-A88F-973087650C00}" = CyberView X - SF v1.18c
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Audit Support Center" = Audit Support Center 1.0
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Support Center" = Dell Support Center
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iGolf Neo Sync" = iGolf Neo Sync Application v3.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PL2303" = PL-2303 USB Driver
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WildTangent dell Master Uninstall" = Dell Games
"Windows Live Toolbar" = Windows Live Toolbar
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Pilot Desktop" = Palm Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2009 4:07:16 PM | Computer Name = CDHASTINGS-PC | Source = VSS | ID = 8194
Description =

Error - 3/15/2009 1:05:37 AM | Computer Name = CDHASTINGS-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module mshtml.dll, version 7.0.6001.18203, time stamp 0x496ed0f3,
exception code 0xc0000005, fault offset 0x00097a4e, process id 0x12d4, application
start time 0x01c9a523d72a2ce3.

Error - 4/12/2009 12:50:27 AM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2300 (0x8fc) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.414
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll by C:\Program Files\Internet Explorer\iexplore.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 4/15/2009 4:19:57 PM | Computer Name = CDHASTINGS-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 4/15/2009 4:19:57 PM | Computer Name = CDHASTINGS-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 4/21/2009 4:26:54 PM | Computer Name = CDHASTINGS-PC | Source = VSS | ID = 8194
Description =

Error - 4/30/2009 11:56:27 AM | Computer Name = CDHASTINGS-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 5/3/2009 2:29:19 AM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2492 (0x9bc) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopSetup.exe by C:\Windows\System32\svchost.exe 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/3/2009 6:23:06 PM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2932 (0xb74) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll by C:\Program Files\Internet Explorer\iexplore.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 5/3/2009 6:34:02 PM | Computer Name = CDHASTINGS-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3352 (0xd18) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll by C:\Program Files\Internet Explorer\iexplore.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ Media Center Events ]
Error - 8/19/2009 3:25:27 PM | Computer Name = CDHASTINGS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/25/2011 2:15:19 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 5:04:35 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 6:06:36 PM | Computer Name = CDHASTINGS-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:04:38 PM on 9/26/2011 was unexpected.

Error - 9/26/2011 6:08:16 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 1:47:47 PM | Computer Name = CDHASTINGS-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm

Re: Slow Computer - McAfee Scan turns itself Off

Post by nNeedofHelp » September 27th, 2011, 8:28 pm

GMER Part 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-27 17:20:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 ST316081 rev.3.AD
Running: icjvc6po.exe; Driver: C:\Users\CDHAST~1\AppData\Local\Temp\uglcafob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82C40268]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82C40292]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82C4027E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82C40254]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82231982 5 Bytes JMP 82C40258 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 823F7143 5 Bytes JMP 82C40296 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8241689A 7 Bytes JMP 82C4026C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82416B5D 5 Bytes JMP 82C40282 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8A60C340, 0x2926E7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[652] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 00070FEF
.text C:\Windows\system32\services.exe[652] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 00070FCA
.text C:\Windows\system32\services.exe[652] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 0007000A
.text C:\Windows\system32\services.exe[652] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 000F0F3A
.text C:\Windows\system32\services.exe[652] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 000F0F4B
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 000F0EF3
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 000F0F0E
.text C:\Windows\system32\services.exe[652] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 000F0058
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 000F0FDB
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 000F0F5C
.text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 000F0F7E
.text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 000F0047
.text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 000F0F9B
.text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 000F002C
.text C:\Windows\system32\services.exe[652] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 000F0F6D
.text C:\Windows\system32\services.exe[652] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 000F0EE2
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 000F0011
.text C:\Windows\system32\services.exe[652] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 000F0000
.text C:\Windows\system32\services.exe[652] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 000F0F1F
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 00910F72
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 00910F9E
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 00910000
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 00910F8D
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 00910025
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 00910FCA
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 00910FE5
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 00910FAF
.text C:\Windows\system32\services.exe[652] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 0010003A
.text C:\Windows\system32\services.exe[652] msvcrt.dll!system 768B804B 5 Bytes JMP 00100FB9
.text C:\Windows\system32\services.exe[652] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 00100FDE
.text C:\Windows\system32\services.exe[652] msvcrt.dll!_open 768BD106 5 Bytes JMP 0010000C
.text C:\Windows\system32\services.exe[652] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00100029
.text C:\Windows\system32\services.exe[652] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 00100FEF
.text C:\Windows\system32\services.exe[652] WS2_32.dll!socket 76B736D1 5 Bytes JMP 00110FE5
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 00140000
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 00140FD4
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 00140FE5
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 00810089
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00810F43
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 008100BF
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 00810F28
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00810F79
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 00810FCA
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00810FB9
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00810078
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00810F94
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00810040
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00810051
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 0081002F
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00810F68
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 008100DA
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00810FE5
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00810000
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 0081009A
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 00880065
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 00880039
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 00880000
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 0088004A
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 00880FB2
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 00880FD4
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 00880FEF
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 00880FC3
.text C:\Windows\system32\lsass.exe[664] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 0082003D
.text C:\Windows\system32\lsass.exe[664] msvcrt.dll!system 768B804B 5 Bytes JMP 0082002C
.text C:\Windows\system32\lsass.exe[664] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 00820FCD
.text C:\Windows\system32\lsass.exe[664] msvcrt.dll!_open 768BD106 5 Bytes JMP 00820FEF
.text C:\Windows\system32\lsass.exe[664] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00820FBC
.text C:\Windows\system32\lsass.exe[664] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 00820FDE
.text C:\Windows\system32\lsass.exe[664] WS2_32.dll!socket 76B736D1 5 Bytes JMP 00830000
.text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 002D0FDE
.text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 002D0FEF
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 006700A0
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00670F50
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00670F24
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 006700B1
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00670F97
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 0067001B
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00670FCA
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00670F6B
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00670FA8
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00670040
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00670065
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 00670FB9
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00670F7C
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 00670F13
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00670FE5
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 0067000A
.text C:\Windows\system32\svchost.exe[884] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 00670F3F
.text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 00680061
.text C:\Windows\system32\svchost.exe[884] msvcrt.dll!system 768B804B 5 Bytes JMP 00680050
.text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 0068002E
.text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_open 768BD106 5 Bytes JMP 00680000
.text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 0068003F
.text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 0068001D
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 006A0F8D
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 006A0FC3
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 006A0FB2
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 006A004A
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 006A000A
.text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 006A0025
.text C:\Windows\system32\svchost.exe[884] WS2_32.dll!socket 76B736D1 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 001F0FDB
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 002100D0
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00210F8A
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00210F43
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 00210F54
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 0021007F
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 0021001B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00210FCA
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 002100AB
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00210FA5
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00210047
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 77EC9554 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00210058
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 00210036
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00210090
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 002100F5
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00210FE5
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 00210F6F
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 00230FB9
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!system 768B804B 5 Bytes JMP 00230044
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 00230022
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_open 768BD106 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00230033
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 00230FDE
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 003C0036
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 003C0FAF
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 003C0FEF
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 003C0F9E
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 003C0F79
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 003C000A
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 003C0FD4
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 003C001B
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 76B736D1 5 Bytes JMP 00240FEF
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 0022000A
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 00220FEF
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 0022001B
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 00230F3F
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00230F50
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00230EF8
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 00230F13
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00230F83
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 00230FD4
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00230FC3
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00230F61
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00230051
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00230040
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00230F94
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 0023002F
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00230F72
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 00230EE7
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileW 77EEB0EB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00230FEF
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00230000
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 00230F24
.text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 00200077
.text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!system 768B804B 5 Bytes JMP 00200066
.text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 0020003A
.text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_open 768BD106 5 Bytes JMP 00200000
.text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00200055
.text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 00200029
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 00380FC7
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 0038004E
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 00380000
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 00380069
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 00380FAC
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 00380022
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 00380011
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 00380033
.text C:\Windows\System32\svchost.exe[1100] WS2_32.dll!socket 76B736D1 5 Bytes JMP 00360FEF
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 0044000A
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 00440025
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 00440FEF
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 00CA00D7
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00CA00C6
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00CA0103
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 00CA0F6C
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00CA00A1
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 00CA0FE5
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00CA0036
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00CA0F9B
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00CA0084
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00CA0058
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00CA0073
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 00CA0047
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00CA0FAC
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 00CA011E
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00CA0011
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00CA0000
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 00CA00E8
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 00CB0FA6
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 768B804B 5 Bytes JMP 00CB0031
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 00CB0FC1
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_open 768BD106 5 Bytes JMP 00CB0FEF
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00CB0016
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 00CB0FD2
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 00D60FA5
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 00D60FCA
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 00D60000
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 00D60051
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 00D6006C
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 00D6001B
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 00D60FE5
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 00D60036
.text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket 76B736D1 5 Bytes JMP 00D10000
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 00F9002C
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 00F90011
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 00FA0096
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00FA0F50
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00FA0F1A
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 00FA0F2B
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00FA0067
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 00FA0025
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00FA0FDE
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00FA0F61
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00FA0F8D
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 00FA0FB9
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00FA0F72
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 00FA0F09
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 00FA00A7
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 00FF0FA1
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!system 768B804B 5 Bytes JMP 00FF0022
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 00FF0FCD
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_open 768BD106 5 Bytes JMP 00FF0FEF
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00FF0FB2
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 00FF0FDE
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 01310F94
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 01310FB9
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 01310FE5
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 01310036
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 01310051
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 01310FD4
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 0131000A
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 0131001B
.text C:\Windows\system32\svchost.exe[1180] WS2_32.dll!socket 76B736D1 5 Bytes JMP 01300000
.text C:\Windows\system32\svchost.exe[1180] WININET.dll!InternetOpenA 76564E33 5 Bytes JMP 01D80000
.text C:\Windows\system32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 7656BFCE 5 Bytes JMP 01D8001B
.text C:\Windows\system32\svchost.exe[1180] WININET.dll!InternetOpenW 7659C02E 5 Bytes JMP 01D80FE5
.text C:\Windows\system32\svchost.exe[1180] WININET.dll!InternetOpenUrlW 765CD70A 5 Bytes JMP 01D80FCA
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 001C001B
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 00250F37
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 0025007D
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00250F12
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 002500A9
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00250F77
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 00250FE5
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00250FCA
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00250F52
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00250F94
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00250051
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00250FA5
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 00250036
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00250062
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 00250F01
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00250011
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00250000
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 0025008E
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 00260F81
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!system 768B804B 5 Bytes JMP 00260F9C
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 00260FC8
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_open 768BD106 5 Bytes JMP 00260FEF
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 00260FAD
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_wopen 768BD501 5 Bytes JMP 0026000C
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 002C0F9B
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 002C0036
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 002C0047
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 002C0F80
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 002C001B
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 002C0FE5
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 002C0FCA
.text C:\Windows\system32\svchost.exe[1308] WS2_32.dll!socket 76B736D1 5 Bytes JMP 002B0000
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 77D84224 5 Bytes JMP 00D80000
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 77D842E4 5 Bytes JMP 00D80025
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 77D84B84 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 77EA1929 5 Bytes JMP 00DE0F4B
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 77EA19C9 5 Bytes JMP 00DE009B
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 77EA1BF3 5 Bytes JMP 00DE00AC
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 77EA1C28 5 Bytes JMP 00DE0F15
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 77EA1DC3 5 Bytes JMP 00DE0F9C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 77EA2EF5 5 Bytes JMP 00DE0FE5
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 77EA5C0C 5 Bytes JMP 00DE0036
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreatePipe 77EC8F06 5 Bytes JMP 00DE0F7A
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 77EC927C 5 Bytes JMP 00DE0FB9
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 77EC9400 5 Bytes JMP 00DE0FCA
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 77EC9554 5 Bytes JMP 00DE006C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 77EC957C 5 Bytes JMP 00DE0051
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 77ECDC52 5 Bytes JMP 00DE0F8B
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 77EE925B 5 Bytes JMP 00DE00C7
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateFileW 77EEB0EB 5 Bytes JMP 00DE001B
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateFileA 77EED07F 5 Bytes JMP 00DE000A
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!WinExec 77F360CF 5 Bytes JMP 00DE0F3A
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_wsystem 768B7F2F 5 Bytes JMP 01440FA3
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!system 768B804B 5 Bytes JMP 01440FBE
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_creat 768BBBE1 5 Bytes JMP 0144001D
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_open 768BD106 5 Bytes JMP 0144000C
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_wcreat 768BD326 5 Bytes JMP 01440038
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_wopen
nNeedofHelp

Re: Slow Computer - McAfee Scan turns itself Off

by nNeedofHelp » September 27th, 2011, 8:29 pm

GMER Part 2

.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 76D439AB 5 Bytes JMP 014A006C
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 76D43BA9 5 Bytes JMP 014A0040
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 76D489C7 5 Bytes JMP 014A0000
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 76D5391E 5 Bytes JMP 014A005B
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 76D541F1 5 Bytes JMP 014A0087
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 76D57C42 5 Bytes JMP 014A0025
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 76D5E2B5 5 Bytes JMP 014A0FE5
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 76D67BA1 5 Bytes JMP 014A0FCA
.text C:\Windows\system32\svchost.exe[1372] WS2_32.dll!socket 76B736D1 5 Bytes JMP 01450000
.text C:\Windows\system32\svchost.exe[1372] WININET.dll!InternetOpenA 76564E33 5 Bytes JMP 00DF000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm

Re: Slow Computer - McAfee Scan turms itself Off

Post by deltalima » September 28th, 2011, 6:09 am

Hi nNeedofHelp,

I see from the log that you have downloaded Combofix.

Did you run it and if so what were the results?

Please do not make any other changes to the system or run any scans unless I give instructions to do so.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow Computer - McAfee Scan turms itself Off

Post by nNeedofHelp » September 28th, 2011, 10:34 am

I did not run combofix.

It is my parents' home computer. Since it is a drive to their house, I tried to prepare by downloading programs I thought might help.
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm

Re: Slow Computer - McAfee Scan turms itself Off

Post by deltalima » September 28th, 2011, 1:36 pm

Hi nNeedofHelp,

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Coupon Printer for Windows
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Run OTL Script

  • Right click OTL.exe and select: Run as Administrator.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (LMIRescue) -- C:\Windows\LMIDC.tmp\rescue.exe (LogMeIn, Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811
    O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-64214283-4165003091-436595274-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow Computer - McAfee Scan turns itself Off

Post by nNeedofHelp » September 28th, 2011, 6:07 pm

OTL

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Error: No service named sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter was found to stop!
Service\Driver key sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter not found.
File File not found not found.
Service IntuitUpdateService stopped successfully!
Service IntuitUpdateService deleted successfully!
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe moved successfully.
Service LMIRescue stopped successfully!
Service LMIRescue deleted successfully!
C:\Windows\LMIDC.tmp\rescue.exe moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-64214283-4165003091-436595274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
C:\Windows\Downloaded Program Files\mcfscan.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: cdhastings
->Temp folder emptied: 406699002 bytes
->Temporary Internet Files folder emptied: 166433373 bytes
->Java cache emptied: 107379681 bytes
->Google Chrome cache emptied: 6235689 bytes
->Flash cache emptied: 57820 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9581881 bytes
%systemroot%\System32 .tmp files removed: 585728 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 473097474 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,116.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: cdhastings
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09282011_144502

Files\Folders moved on Reboot...
File\Folder C:\Users\cdhastings\AppData\Local\Temp\~DFD71.tmp not found!
File\Folder C:\Users\cdhastings\AppData\Local\Temp\~DFDB8.tmp not found!
C:\Users\cdhastings\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\cdhastings\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm
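A triage helper for fix logs like the one posted above, as an added example that is not part of the original posts or of OTL itself: it classifies each result line in the OTL section and flags errors and targets with unbalanced parentheses, such as the dellsupportcenter service line. The outcome phrases come from the log above; the function names and the parenthesis heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines from the fix log in the post above.
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Error: No service named sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter was found to stop!
Service\Driver key sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter not found.
Service LMIRescue stopped successfully!
Service LMIRescue deleted successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
RULES = [  # (outcome, pattern); the first matching rule wins
    ("error",     re.compile(r"^Error: (?P<t>.+)$")),
    ("not_found", re.compile(r"^(?P<t>.+?) not found[.!]?$")),
    ("deleted",   re.compile(r"^(?P<t>.+?) deleted successfully[.!]$")),
    ("moved",     re.compile(r"^(?P<t>.+?) moved successfully[.!]$")),
    ("stopped",   re.compile(r"^(?P<t>.+?) stopped successfully[.!]$")),
    ("set",       re.compile(r"^(?P<t>.+?) : value set successfully[.!]$")),
]

def parse_fix_log(text, section="OTL"):
    """Return [(outcome, target)] for the result lines of one log section."""
    results, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            continue
        if current != section:
            continue
        for outcome, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                results.append((outcome, hit.group("t")))
                break
    return results

def parens_ok(text):
    """True when every ')' closes an earlier '(' and none is left open."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def needs_review(results):
    """Errors, plus targets whose parentheses hint at a mis-split fix line."""
    return [(o, t) for o, t in results if o == "error" or not parens_ok(t)]

def summarize(results):
    return Counter(outcome for outcome, _ in results)
```
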

Re: Slow Computer - McAfee Scan turns itself Off

Post by nNeedofHelp » September 29th, 2011, 12:32 am

eset

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5be490c517e2604c8bccb674fc34b9a1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-29 01:28:17
# local_time=2011-09-28 06:28:17 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16777213 100 75 0 46391841 0 0
# compatibility_mode=5892 16776574 100 100 32917723 153856049 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=263785
# found=0
# cleaned=0
# scan_time=11176
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm

Re: Slow Computer - McAfee Scan turns itself Off

Post by nNeedofHelp » September 29th, 2011, 1:23 am

After reboot, McAfee realtime scanning still off and when I click to turn on, it just turns itself back off.
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm

Re: Slow Computer - McAfee Scan turns itself Off

Post by deltalima » September 29th, 2011, 5:04 am

Hi nNeedofHelp,

Please download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe and select "Run as administrator" to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow Computer - McAfee Scan turns itself Off

Post by nNeedofHelp » September 29th, 2011, 2:54 pm

Thanks again.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-29 11:51:01
-----------------------------
11:51:01.618 OS Version: Windows 6.0.6002 Service Pack 2
11:51:01.618 Number of processors: 2 586 0x6B01
11:51:01.618 ComputerName: CDHASTINGS-PC UserName: cdhastings
11:51:41.944 Initialize success
11:52:10.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
11:52:10.985 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 6
11:52:13.013 Disk 0 MBR read successfully
11:52:13.013 Disk 0 MBR scan
11:52:13.013 Disk 0 Windows VISTA default MBR code
11:52:13.028 Disk 0 scanning sectors +312496128
11:52:13.106 Disk 0 scanning C:\Windows\system32\drivers
11:52:22.544 Service scanning
11:52:25.883 Modules scanning
11:52:34.119 Disk 0 trace - called modules:
11:52:34.151 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
11:52:34.166 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85660a28]
11:52:34.166 3 CLASSPNP.SYS[82fd88b3] -> nt!IofCallDriver -> [0x84c97f08]
11:52:34.166 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\00000059[0x8488a9c0]
11:52:34.182 Scan finished successfully
11:52:47.223 Disk 0 MBR has been saved successfully to "C:\Users\cdhastings\Desktop\MBR.dat"
11:52:47.255 The log file has been saved successfully to "C:\Users\cdhastings\Desktop\aswMBR.txt"
nNeedofHelp
Regular Member
 
Posts: 15
Joined: September 26th, 2011, 5:00 pm