Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

McAfee not updating, Firefox shutting down

Unread postby Trravis » August 18th, 2009, 7:01 pm

Thanks in advance for the energy and effort!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:48 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\McAfee.com\Agent\mcagent.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\CASIO\Photo Loader\Plauto.exe
G:\Program Files\Locate\Locate32.exe
G:\Program Files\Secunia\PSI\psi.exe
G:\Program Files\SpywareGuard\sgmain.exe
G:\Program Files\SpywareGuard\sgbhp.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\McAfee\MBK\MBackMonitor.exe
G:\Program Files\McAfee\SiteAdvisor\McSACore.exe
G:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
g:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
G:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
G:\Program Files\McAfee\MPF\MPFSrv.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\Viewpoint\Common\ViewpointService.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
G:\Program Files\MediaMonkey\MediaMonkey.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\uTorrent\uTorrent.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - G:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - G:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - G:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - G:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - G:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - G:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - G:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - G:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [mcagent_exe] G:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [McAfee Backup] G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] G:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Startup: Secunia PSI.lnk = G:\Program Files\Secunia\PSI\psi.exe
O4 - Startup: SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Photo Loader supervisory.lnk = G:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AIM Toolbar Search - G:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - G:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - G:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - G:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - G:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - g:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - G:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - G:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - G:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - G:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - G:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - G:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - G:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - https://epmail.elpaso.com/OWA/8.1.359.2 ... dc-wrd.gif

--
End of file - 10217 bytes
Trravis
Active Member
 
Posts: 9
Joined: August 18th, 2009, 6:57 pm

Re: McAfee not updating, Firefox shutting down

Unread postby MWR 3 day Mod » August 22nd, 2009, 12:31 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: McAfee not updating, Firefox shutting down

Unread postby francis327 » August 23rd, 2009, 12:02 am

Hi, Welcome to the Malware Removal.
My name is Francis, and I'll be helping you with your malware problems.
HijackThis logs can take a while to research, so please be patient.


Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. Please, if you have questions about something...ASK, don't guess or assume.
  3. Please -only- post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  4. Please -only- reply to this thread, do not start another!
  5. Please do not run any other fix/removal tools unless instructed to do so!
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Please, continue responding, until I give you the "All Clean"

A gentle reminder before we proceed further:
No reply after 3 days in your thread will result in your topic being closed
Please notify me in advance if you are not able to reply to me within 3 days



1 - HJT - Uninstall Manager Log
===========================
Please run HijackThis
If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.

  • From the Main Menu...Press the "Open the Misc Tools"...button.
  • Press the "Open Uninstall Manager..." button.
  • Press only the Save List...button.
  • Press the "Save" button.
    The file "uninstall_list.txt" will be saved in your HJT folder.
  • Copy and Paste the contents of "uninstall_list.txt" in your next reply.


2 - Status Check
=================
In your next reply, kindly please post the following

  • New HijackThis log
  • Uninstall list
  • A detailed description of the problem you are having now with your system
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: McAfee not updating, Firefox shutting down

Unread postby Trravis » August 23rd, 2009, 3:35 am

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
Bonjour
Cain & Abel v4.9.28
CCleaner (remove only)
Download Updater (AOL LLC)
ERUNT 1.1j
ESET Online Scanner
Foxit Reader
Foxit Toolbar
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
ImgBurn
iTunes
K-Lite Codec Pack 4.5.3 (Full)
Locate32
Magic ISO Maker v5.5 (build 0276)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaMonkey 3.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Mozilla Firefox (3.0.13)
NVIDIA Drivers
PayPal Plug-In
Photo Loader 2.3E
Photohands 1.0E
PlayersOnly Poker
PokerStars
PokerTracker 3 (remove only)
PostgreSQL 8.3
QuickTime
Realtek AC'97 Audio
Respondus LockDown Browser
Revo Uninstaller 1.83
Secunia PSI
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SharkScope HUD 1.0.111
Sid Meier's Civilization 4
Smart Defrag 1.20
SpywareBlaster 4.2
SpywareGuard v2.2
TableScan Turbo v0.34 (BETA)
Ulead Movie Wizard SE VCD
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Media Player
Windows Internet Explorer 8
WinPcap 4.1 beta5
WinRAR archiver


McAfee is not updating and notifies me that it needs to be reinstalled. Also, Firefox crashes often but I am not experiencing any browser redirecting. My desktop has crashed and I am stuck on a "Restore Active Desktop" screen. When I try the restore button, my computer returns that a file is corrupted and that it is unable to restore my desktop. I am also receiving errors from my OS that a critical error has occurred. My computer will also randomly shut down, but I think that is in connection to a recent RAM and video card upgrade.

Again, thanks in advance for your help!
Trravis
Active Member
 
Posts: 9
Joined: August 18th, 2009, 6:57 pm

Re: McAfee not updating, Firefox shutting down

Unread postby francis327 » August 23rd, 2009, 6:12 am

Hi Trravis, one question

O24 - Desktop Component 0: (no name) - https://epmail.elpaso.com/OWA/8.1.359.2 ... dc-wrd.gif

Did you configure an Active Desktop Component yourself? Please come back to me on this in your next reply.
Next, please execute the following instructions.


1 - P2P Policy
===========
With reference to Malware Removal's P2P Programs Policy, please remove the following programs before we continue:
uTorrent

To do so:
Please use Windows Explorer (to get there right-click your Start button and go to "Explore"), please the following folder:
G:\Program Files\uTorrent



2 - OTL
=======
Please download the OTL by OldTimer
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

3 - Status Check
In your next reply, please post the following

  • OTL log
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: McAfee not updating, Firefox shutting down

Unread postby francis327 » August 23rd, 2009, 7:09 am

Hi Trravis,
I came across this while I was researching your log

http://forums.spybot.info/showthread.php?p=330336

It seems to me like you have posted in two different forums.
I would like to bring your attention to THIS post.

  • By Multi Posting you are utilising the time of two (or more) trained helpers.

    Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.

    Understandably this causes a certain amount of bad feeling.

    * From the helper who has needlessly spent time researching your log and compiling and posting instructions.
    * From others who have to wait longer for their problems to be addressed.


  • Advice from two separate helpers can cause problems.

    Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.


That said, we reserve the right to close any thread where we believe multi-posting has occurred. But since I have started to assist you on the issue, it is best for me to finish off the job for you, by which I mean I would request you to close the other topic you posted in the link above, as you haven't replied to the post on the other side.

It's your call. Thank you.
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: McAfee not updating, Firefox shutting down

Unread postby Trravis » August 24th, 2009, 5:50 pm

Francis

The thread on the other forum has been closed. When I hadn't gotten a response in a couple days from this forum, I tried that one. I had no intention of trying to run both at the same time and I'd very much appreciate your continued assistance.

Here are my OTL logs:

OTL logfile created on: 8/24/2009 3:58:09 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = G:\Documents and Settings\T-Ravis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.72% Memory free
2.36 Gb Paging File | 1.85 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): G:\pagefile.sys 528 1056 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 114.48 Gb Total Space | 106.26 Gb Free Space | 92.82% Space Free | Partition Type: NTFS
Drive D: | 1.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 149.05 Gb Total Space | 1.19 Gb Free Space | 0.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 64.29 Gb Total Space | 28.75 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 543.25 Gb Free Space | 58.32% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TRAVIS
Current User Name: T-Ravis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - G:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - G:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - G:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - G:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - G:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
PRC - G:\Program Files\Locate\Locate32.exe ()
PRC - G:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - G:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - G:\Program Files\SpywareGuard\sgmain.exe ()
PRC - G:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - G:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - G:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
PRC - G:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - G:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - g:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - g:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - G:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - G:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - G:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - G:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - G:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - G:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - g:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Documents and Settings\T-Ravis\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- G:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- G:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- G:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- G:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MBackMonitor [Auto | Running]) -- G:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- G:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- G:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- g:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- G:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- g:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- G:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- G:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- G:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- G:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- G:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- G:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- G:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pgsql-8.3 [Auto | Stopped]) -- G:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (rpcapd [On_Demand | Stopped]) -- G:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (UleadBurningHelper [Auto | Running]) -- G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- G:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (wuauserv [Auto | Running]) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- G:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- G:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (mcdbus [On_Demand | Running]) -- G:\WINDOWS\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- G:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- G:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- G:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- G:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- G:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- G:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nm [On_Demand | Stopped]) -- G:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- G:\WINDOWS\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nv [On_Demand | Running]) -- G:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PSI [On_Demand | Running]) -- G:\WINDOWS\System32\DRIVERS\psi_mf.sys (Secunia)
DRV - (Ptilink [On_Demand | Running]) -- G:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- G:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- G:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- G:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (USBAAPL [On_Demand | Stopped]) -- G:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - G:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - G:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {27c60876-b5c9-4335-b4f3-52b26782220c}:0.9.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: G:\Program Files\McAfee\SiteAdvisor [2009/06/24 11:33:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\paypalfirefoxplugin@orbiscom: G:\Program Files\PayPal\PayPal Plug-In
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: G:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/20 01:17:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2009/08/05 10:04:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2009/08/05 10:04:14 | 00,000,000 | ---D | M]

[2009/02/10 01:36:19 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Extensions
[2009/02/10 01:36:19 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/24 03:13:27 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Firefox\Profiles\l437934z.default\extensions
[2009/05/31 02:20:13 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Firefox\Profiles\l437934z.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2009/04/28 07:41:45 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Firefox\Profiles\l437934z.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/07/14 15:43:46 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Firefox\Profiles\l437934z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/11 15:30:34 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Firefox\Profiles\l437934z.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/05/20 23:24:35 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\mozilla\Firefox\Profiles\l437934z.default\extensions\firefox@tvunetworks.com
[2009/08/24 03:13:27 | 00,000,000 | ---D | M] -- G:\Program Files\mozilla firefox\extensions
[2009/08/05 10:04:14 | 00,000,000 | ---D | M] -- G:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/12 01:18:05 | 00,000,000 | ---D | M] -- G:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/05 10:04:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 10:04:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- G:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009/05/07 15:48:55 | 00,072,960 | ---- | M] (Foxit Software Company) -- G:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/08/05 10:04:10 | 00,065,528 | ---- | M] (mozilla.org) -- G:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- G:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/06/19 17:49:31 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/19 17:49:31 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/19 17:49:32 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/19 17:49:33 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/19 17:49:34 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/19 17:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/19 17:49:36 | 00,143,360 | ---- | M] (Apple Inc.) -- G:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- G:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/04/23 19:39:08 | 00,001,394 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 19:39:08 | 00,002,193 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 19:39:08 | 00,001,534 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 19:39:08 | 00,002,343 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 19:39:08 | 00,001,706 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 19:39:08 | 00,001,178 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 19:39:08 | 00,000,792 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (768 bytes) - G:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - G:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - G:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - G:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - G:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - G:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - G:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - G:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - G:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - G:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [GrooveMonitor] G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MBkLogOnHook] G:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [McAfee Backup] G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] G:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] G:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] G:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] G:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] G:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = G:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup\Locate32 Autorun.lnk = G:\Program Files\Locate\Locate32.exe ()
O4 - Startup: G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup\MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup\Secunia PSI.lnk = G:\Program Files\Secunia\PSI\psi.exe (Secunia)
O4 - Startup: G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup\SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &AIM Toolbar Search - G:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - G:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - G:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - https://epmail.elpaso.com/OWA/8.1.359.2 ... dc-wrd.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - G:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/10 00:32:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/10/15 01:42:09 | 00,253,952 | R--- | M] (Firaxis Games) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/15 01:42:09 | 00,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/15 01:42:09 | 00,004,118 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - G:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 G:\*.tmp files]
[1 G:\WINDOWS\System32\*.tmp files]
[4 G:\WINDOWS\*.tmp files]
[2009/08/24 15:56:50 | 00,514,048 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\T-Ravis\Desktop\OTL.exe
[2009/08/21 03:29:40 | 00,000,000 | ---D | C] -- G:\Documents and Settings\T-Ravis\Application Data\My Games
[2009/08/21 03:19:52 | 00,000,977 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4.lnk
[2009/08/21 03:19:44 | 00,000,000 | ---D | C] -- G:\Program Files\Firaxis Games
[2009/08/21 02:47:59 | 00,000,000 | ---D | C] -- G:\Documents and Settings\T-Ravis\Desktop\New Folder
[2009/08/21 02:46:29 | 00,000,652 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/08/21 02:46:29 | 00,000,640 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\MagicDisc.lnk
[2009/08/21 02:46:23 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- G:\WINDOWS\System32\drivers\mcdbus.sys
[2009/08/21 02:46:22 | 00,000,000 | ---D | C] -- G:\Program Files\MagicDisc
[2009/08/21 02:45:33 | 00,001,486 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\MagicISO.lnk
[2009/08/21 02:45:33 | 00,000,000 | ---D | C] -- G:\Program Files\MagicISO
[2009/08/20 00:58:59 | 00,000,000 | -HSD | C] -- G:\found.001
[2009/08/18 17:55:29 | 00,001,734 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\HijackThis.lnk
[2009/08/17 15:41:50 | 00,000,000 | -HSD | C] -- G:\found.000
[2009/08/17 10:29:00 | 00,012,260 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\Intern - Grades.docx
[2009/08/17 02:32:37 | 00,000,000 | ---D | C] -- G:\Documents and Settings\T-Ravis\Application Data\McAfee
[2009/08/13 03:03:27 | 00,221,184 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\wmpns.dll
[2009/08/13 02:25:04 | 00,002,419 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Shortcut to HoldemManager.exe.lnk
[2009/08/13 02:24:57 | 00,000,000 | ---D | C] -- G:\Program Files\RVG Software
[2009/08/13 02:01:14 | 13,252,067 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\holdemmanager.zip
[2009/08/13 01:56:21 | 00,000,000 | ---D | C] -- G:\WINDOWS\System32\appmgmt
[2009/08/13 01:51:39 | 12,069,812 | ---- | C] (Holdem Manager, roy@holdemmanager.net) -- G:\Documents and Settings\T-Ravis\Desktop\HmBetaUpdate.exe
[2009/08/12 02:36:41 | 00,000,000 | ---D | C] -- G:\WINDOWS\Minidump
[2009/08/07 17:11:01 | 00,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/08/06 12:48:02 | 00,010,858 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\Intern Cover Letter.docx
[2009/08/06 12:21:56 | 00,035,840 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\Resume - Intern.doc
[2009/08/06 11:40:12 | 00,029,184 | ---- | C] () -- G:\Documents and Settings\T-Ravis\Desktop\Resume.doc
[2009/08/05 15:26:09 | 00,201,151 | ---- | C] () -- G:\WINDOWS\System32\nvapps.xml
[2009/08/05 15:25:32 | 00,018,477 | ---- | C] () -- G:\WINDOWS\System32\nvdisp.nvu
[2009/08/05 15:25:32 | 00,000,000 | ---D | C] -- G:\WINDOWS\nview
[2009/08/05 15:25:31 | 00,453,152 | ---- | C] (NVIDIA Corporation) -- G:\WINDOWS\System32\nvudisp.exe
[2009/08/05 15:24:38 | 00,453,152 | ---- | C] (NVIDIA Corporation) -- G:\WINDOWS\System32\NVUNINST.EXE
[2009/08/02 16:04:23 | 00,000,162 | -H-- | C] () -- G:\Documents and Settings\T-Ravis\My Documents\~$ych sites.docx
[2009/08/02 16:04:19 | 00,014,056 | ---- | C] () -- G:\Documents and Settings\T-Ravis\My Documents\Psych sites.docx
[2009/07/20 14:10:16 | 00,000,000 | ---- | C] () -- G:\WINDOWS\HMHud.INI
[2009/06/01 16:26:41 | 00,103,424 | ---- | C] ( ) -- G:\WINDOWS\System32\TableScan_nat.dll
[2009/04/17 01:16:49 | 00,717,296 | ---- | C] () -- G:\WINDOWS\System32\drivers\sptd.sys
[2009/03/24 00:35:05 | 00,000,000 | ---- | C] () -- G:\WINDOWS\Realtime.INI
[2009/02/10 04:29:37 | 00,000,164 | ---- | C] () -- G:\WINDOWS\avrack.ini
[2009/02/10 01:25:48 | 00,156,672 | ---- | C] () -- G:\WINDOWS\System32\RTLCPAPI.dll
[2009/02/10 01:02:11 | 00,168,448 | ---- | C] () -- G:\WINDOWS\System32\unrar.dll
[2009/02/10 01:02:09 | 03,596,288 | ---- | C] () -- G:\WINDOWS\System32\qt-dx331.dll
[2009/02/10 01:02:09 | 00,795,648 | ---- | C] () -- G:\WINDOWS\System32\xvidcore.dll
[2009/02/10 01:02:09 | 00,130,048 | ---- | C] () -- G:\WINDOWS\System32\xvidvfw.dll
[2009/02/10 01:02:08 | 00,057,344 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2009/02/10 01:02:08 | 00,000,547 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/23 10:33:18 | 00,053,299 | ---- | C] () -- G:\WINDOWS\System32\pthreadVC.dll
[2008/10/07 00:33:00 | 01,703,936 | ---- | C] () -- G:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 00:33:00 | 01,486,848 | ---- | C] () -- G:\WINDOWS\System32\nview.dll
[2008/10/07 00:33:00 | 01,019,904 | ---- | C] () -- G:\WINDOWS\System32\nvwimg.dll
[2008/10/07 00:33:00 | 00,466,944 | ---- | C] () -- G:\WINDOWS\System32\nvshell.dll
[2008/10/07 00:33:00 | 00,286,720 | ---- | C] () -- G:\WINDOWS\System32\nvnt4cpl.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- G:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- G:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- G:\WINDOWS\System32\OnlineScannerLang.dll
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- G:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- G:\WINDOWS\System32\lnod32apiA.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- G:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- G:\WINDOWS\System32\lnod32upd.dll
[2001/08/23 06:00:00 | 00,000,552 | ---- | C] () -- G:\WINDOWS\win.ini
[2001/08/23 06:00:00 | 00,000,227 | ---- | C] () -- G:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 G:\*.tmp files]
[1 G:\WINDOWS\System32\*.tmp files]
[4 G:\WINDOWS\*.tmp files]
[2009/08/24 15:56:50 | 00,514,048 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\T-Ravis\Desktop\OTL.exe
[2009/08/24 14:06:12 | 00,029,696 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/24 03:01:18 | 00,018,757 | ---- | M] () -- G:\WINDOWS\System32\Config.MPF
[2009/08/24 03:01:15 | 00,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2009/08/24 03:00:12 | 00,201,151 | ---- | M] () -- G:\WINDOWS\System32\nvapps.xml
[2009/08/24 03:00:07 | 00,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2009/08/24 03:00:01 | 00,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2009/08/21 11:46:06 | 00,000,284 | ---- | M] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/21 03:39:28 | 00,348,784 | -H-- | M] () -- G:\Documents and Settings\T-Ravis\Local Settings\Application Data\IconCache.db
[2009/08/21 03:25:16 | 00,000,977 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4.lnk
[2009/08/21 02:46:29 | 00,000,652 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/08/21 02:46:29 | 00,000,640 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\MagicDisc.lnk
[2009/08/21 02:45:33 | 00,001,486 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\MagicISO.lnk
[2009/08/21 02:19:59 | 00,002,419 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Shortcut to HoldemManager.exe.lnk
[2009/08/18 17:55:29 | 00,001,734 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\HijackThis.lnk
[2009/08/17 10:29:00 | 00,012,260 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\Intern - Grades.docx
[2009/08/17 10:20:12 | 00,290,088 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/16 22:00:01 | 00,000,388 | ---- | M] () -- G:\WINDOWS\tasks\SmartDefrag.job
[2009/08/15 03:02:23 | 00,505,234 | ---- | M] () -- G:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/15 03:02:23 | 00,444,028 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2009/08/15 03:02:23 | 00,071,904 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2009/08/15 01:04:44 | 00,000,344 | ---- | M] () -- G:\WINDOWS\tasks\McDefragTask.job
[2009/08/14 16:00:19 | 00,000,660 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2009/08/13 03:05:12 | 00,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2009/08/13 02:01:20 | 13,252,067 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\holdemmanager.zip
[2009/08/13 01:51:39 | 12,069,812 | ---- | M] (Holdem Manager, roy@holdemmanager.net) -- G:\Documents and Settings\T-Ravis\Desktop\HmBetaUpdate.exe
[2009/08/06 12:49:07 | 00,010,858 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\Intern Cover Letter.docx
[2009/08/06 12:29:40 | 00,035,840 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\Resume - Intern.doc
[2009/08/06 11:40:12 | 00,029,184 | ---- | M] () -- G:\Documents and Settings\T-Ravis\Desktop\Resume.doc
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/04 14:56:01 | 00,000,664 | ---- | M] () -- G:\WINDOWS\System32\d3d9caps.dat
[2009/08/02 16:25:02 | 00,014,056 | ---- | M] () -- G:\Documents and Settings\T-Ravis\My Documents\Psych sites.docx
[2009/08/02 16:04:23 | 00,000,162 | -H-- | M] () -- G:\Documents and Settings\T-Ravis\My Documents\~$ych sites.docx
[2009/08/01 01:00:26 | 00,000,336 | ---- | M] () -- G:\WINDOWS\tasks\McQcTask.job
[2009/07/30 01:44:58 | 00,002,137 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/29 19:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\MRT.exe
[2009/07/27 17:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\dhtmled.ocx

========== LOP Check ==========

[2009/08/07 17:11:01 | 00,000,000 | RH-D | M] -- G:\Documents and Settings\All Users\Application Data
[2009/03/24 14:35:26 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/17 17:47:36 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/28 07:29:45 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\acccore
[2009/04/28 07:30:00 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/04/17 01:24:00 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/07/20 00:13:31 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/22 02:30:13 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/02/11 14:44:39 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/28 07:29:51 | 00,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/21 03:29:40 | 00,000,000 | RH-D | M] -- G:\Documents and Settings\T-Ravis\Application Data
[2009/04/28 07:34:13 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\acccore
[2009/04/17 01:27:49 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\DAEMON Tools
[2009/04/17 01:28:50 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\DAEMON Tools Lite
[2009/04/17 01:25:10 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\DAEMON Tools Pro
[2009/02/11 15:30:19 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\Foxit
[2009/04/21 01:18:56 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\ImgBurn
[2009/04/26 11:19:01 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\IObit
[2009/04/28 07:48:58 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\Juniper Networks
[2009/02/22 03:09:05 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\Locate32
[2009/08/21 03:29:40 | 00,000,000 | ---D | M] -- G:\Documents and Settings\T-Ravis\Application Data\My Games
[2009/08/21 11:46:06 | 00,000,284 | ---- | M] () -- G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 06:00:00 | 00,000,065 | RH-- | M] () -- G:\WINDOWS\Tasks\desktop.ini
[2009/08/15 01:04:44 | 00,000,344 | ---- | M] () -- G:\WINDOWS\Tasks\McDefragTask.job
[2009/08/01 01:00:26 | 00,000,336 | ---- | M] () -- G:\WINDOWS\Tasks\McQcTask.job
[2009/08/24 03:00:07 | 00,000,006 | -H-- | M] () -- G:\WINDOWS\Tasks\SA.DAT
[2009/08/16 22:00:01 | 00,000,388 | ---- | M] () -- G:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 125 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Trravis
Active Member
 
Posts: 9
Joined: August 18th, 2009, 6:57 pm

Re: McAfee not updating, Firefox shutting down

Post by Trravis » August 24th, 2009, 5:52 pm

Francis,

The epmail.elpaso.com desktop component has something to do with my girlfriend's job. It is not important and I have no problem removing it in order to regain my desktop usage.

Here's my other OTL log:

OTL Extras logfile created on: 8/24/2009 3:58:09 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = G:\Documents and Settings\T-Ravis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.72% Memory free
2.36 Gb Paging File | 1.85 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): G:\pagefile.sys 528 1056 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 114.48 Gb Total Space | 106.26 Gb Free Space | 92.82% Space Free | Partition Type: NTFS
Drive D: | 1.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 149.05 Gb Total Space | 1.19 Gb Free Space | 0.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 64.29 Gb Total Space | 28.75 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 543.25 Gb Free Space | 58.32% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TRAVIS
Current User Name: T-Ravis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- G:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"G:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = G:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"G:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"G:\Program Files\Bonjour\mDNSResponder.exe" = G:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"G:\Program Files\Common Files\AOL\Loader\aolload.exe" = G:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"G:\Program Files\AIM6\aim6.exe" = G:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"G:\Program Files\iTunes\iTunes.exe" = G:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"G:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = G:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo v0.34 (BETA)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead Movie Wizard SE VCD
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3E
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Ask Toolbar_is1" = Foxit Toolbar
"Cain & Abel v4.9.28" = Cain & Abel v4.9.28
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"Locate" = Locate32
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PlayersOnly Poker" = PlayersOnly Poker
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.83
"Secunia PSI" = Secunia PSI
"SharkScope HUD" = SharkScope HUD 1.0.111
"Smart Defrag_is1" = Smart Defrag 1.20
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinPcapInst" = WinPcap 4.1 beta5
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2009 3:10:00 AM | Computer Name = TRAVIS | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application hmimport.exe, version 1.0.0.0, stamp 00000016,
faulting module mscorwks.dll, version 2.0.50727.3082, stamp 492b82c1, debug? 0,
fault address 0x001236a5.

Error - 8/21/2009 10:48:24 AM | Computer Name = TRAVIS | Source = Application Error | ID = 1004
Description = Faulting application Mcshield.exe, version 14.0.0.349, faulting module
mcscan32.dll, version 5.300.0.2777, fault address 0x0025a708.

Error - 8/21/2009 10:51:19 AM | Computer Name = TRAVIS | Source = Application Error | ID = 1001
Description = Fault bucket 951681193.

Error - 8/23/2009 11:39:57 AM | Computer Name = TRAVIS | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/23/2009 5:04:23 PM | Computer Name = TRAVIS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2009 9:11:16 PM | Computer Name = TRAVIS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module schedsvc.dll, version 5.1.2600.5512, fault address 0x00006f5c.

Error - 8/23/2009 11:34:22 PM | Computer Name = TRAVIS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The hash value is not correct.

Error - 8/24/2009 4:03:05 AM | Computer Name = TRAVIS | Source = Application Error | ID = 1000
Description = Faulting application civilization4.exe, version 1.6.1.1841, faulting
module binkw32.dll, version 1.8.6.0, fault address 0x00013460.

Error - 8/24/2009 4:03:11 AM | Computer Name = TRAVIS | Source = Application Error | ID = 1001
Description = Fault bucket 283628501.

Error - 8/24/2009 2:37:51 PM | Computer Name = TRAVIS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/21/2009 10:55:15 AM | Computer Name = TRAVIS | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/21/2009 11:25:19 AM | Computer Name = TRAVIS | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 8/21/2009 8:36:48 PM | Computer Name = TRAVIS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00142A0C5C9C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/21/2009 8:37:43 PM | Computer Name = TRAVIS | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/23/2009 3:27:42 AM | Computer Name = TRAVIS | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/23/2009 4:12:23 AM | Computer Name = TRAVIS | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 8/23/2009 12:15:48 PM | Computer Name = TRAVIS | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/23/2009 1:17:09 PM | Computer Name = TRAVIS | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/23/2009 11:29:56 PM | Computer Name = TRAVIS | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/24/2009 4:01:04 AM | Computer Name = TRAVIS | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.


< End of report >

Re: McAfee not updating, Firefox shutting down

Post by francis327 » August 25th, 2009, 7:18 am

Hi Trravis,

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
Do you know anything about the above entry? Please let me know in your next reply.



Next, please continue with the following.
1 - Windows Validation
  1. Please download this tool from Microsoft.
  2. Double click on MGADiag.exe to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.


2 - OTL
  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
    Code:
    :Files
    @G:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
    @G:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTL.


3 - Malwarebytes Anti Malware
Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


4 - GMER
  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic


5 - Status Check
In your next reply, kindly please post the following

  • Validation log
  • OTL log
  • MBAM log
  • GMER log
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: McAfee not updating, Firefox shutting down

Post by Trravis » August 25th, 2009, 6:12 pm

Francis,

No idea what that entry might be.

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-WWPBR-M7T2R-PB8BM
Windows Product Key Hash: dBDWz9OwWPtYCCiiDNRfvpGgZRE=
Windows Product ID: 55274-642-0645805-23135
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {148EB1D4-DE03-4F94-97A5-7E143A4351E6}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: G:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{148EB1D4-DE03-4F94-97A5-7E143A4351E6}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PB8BM</PKey><PID>55274-642-0645805-23135</PID><PIDType>1</PIDType><SID>S-1-5-21-606747145-115176313-1177238915</SID><SYSTEM><Manufacturer>P4M800</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS/><HWID>823B369F01842E7D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.8.31.9"/><File Name="WgaLogon.dll" Version="1.8.31.9"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>94436407C3F2586</Val><Hash>Nh+O7p+E5Ha5+8Lxn9JfFULj9GM=</Hash><Pid>89388-707-9845457-65440</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E0C1:Systemax Manufacturing
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A








All processes killed
========== FILES ==========
Unable to delete ADS G:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A .
Unable to delete ADS G:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. G:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. G:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: T-Ravis
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 529339 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3790066 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.23 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08252009_144129

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...







Malwarebytes' Anti-Malware 1.40
Database version: 2695
Windows 5.1.2600 Service Pack 3

8/25/2009 4:03:16 PM
mbam-log-2009-08-25 (16-03-16).txt

Scan type: Full Scan (C:\|G:\|H:\|)
Objects scanned: 178502
Time elapsed: 1 hour(s), 0 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Trravis
Active Member
 
Posts: 9
Joined: August 18th, 2009, 6:57 pm

Re: McAfee not updating, Firefox shutting down

Post by Trravis » August 25th, 2009, 6:13 pm

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-25 17:09:26
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spdq.sys ZwCreateKey [0xBA6A80E0]
SSDT spdq.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spdq.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spdq.sys ZwOpenKey [0xBA6A80C0]
SSDT spdq.sys ZwQueryKey [0xBA6C7108]
SSDT spdq.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spdq.sys ZwSetValueKey [0xBA6C719A]

INT 0x62 ? 8A569BF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x82 ? 8A569BF8
INT 0x83 ? 8A569BF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB75919AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB7591958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB759196C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7591A5B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7591A87]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB75919EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB7591B21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7591930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB7591944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB75919BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB7591AC9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB7591A71]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB7591B49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB7591B35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB7591996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB7591982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7591A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB7591B0B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7591A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB75919D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP B75919D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP B75919AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP B75919EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP B7591A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP B75919C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP B7591934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP B7591948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP B7591986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP B7591970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP B759195C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP B759199A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP B7591A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP B7591B0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8061947E 7 Bytes JMP B7591ACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP B7591A75 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP B7591A5F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP B7591A8B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCE8 5 Bytes JMP B7591B39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3DC 5 Bytes JMP B7591B4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4F6 5 Bytes JMP B7591B25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spdq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E718AC 5 Bytes JMP 8A30B1D8
.text au3fzcub.SYS B9A3E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text au3fzcub.SYS B9A3E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text au3fzcub.SYS B9A3E3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text au3fzcub.SYS B9A3E3C9 1 Byte [2E]
.text au3fzcub.SYS B9A3E3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070090
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F9B
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070073
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070062
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070036
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F59
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F6A
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F34
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700CD
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700E8
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070047
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070000
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000700A1
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007001B
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FCA
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700BC
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FB9
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060040
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FD4
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FEF
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F83
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0006000A
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060F94
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060025
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA6
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050031
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD2
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC1
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0005000C
.text G:\WINDOWS\system32\services.exe[660] USERENV.dll!UnloadUserProfile + CACA 76A2A3F1 1 Byte [01]
.text G:\WINDOWS\system32\services.exe[660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF008C
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F8D
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF005B
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F9E
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FB9
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F61
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F72
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00D5
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F3C
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00F0
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0040
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FE5
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF009D
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FD4
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0025
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00BA
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0000
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F54
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FB9
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FD4
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0F6F
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0F8A
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0011
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0F9F
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FB0
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0016
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FC1
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FD2
.text G:\WINDOWS\system32\lsass.exe[672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30000
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D30F88
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30073
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D30FA5
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30062
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D30FD1
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D300C9
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D300A2
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F41
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D300DA
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D30F26
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30FC0
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D30011
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D30F77
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D3003D
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D3002C
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D30F66
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D20FCA
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D20F68
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D2001B
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20FE5
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D20F83
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D20000
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D20F9E
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F2, 88]
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D20FB9
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D10042
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10FB7
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D10FD2
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D10000
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D1001D
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D10FE3
.text G:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00000
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C9000A
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90FAC
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C900A1
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90090
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90FC7
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C9004E
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C90F80
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C900BC
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C900F4
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C90F5B
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C90F40
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90069
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C9001B
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C90F9B
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C9003D
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C9002C
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C900D9
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C8002F
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80F8D
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80014
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80FDE
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C80F9E
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80FEF
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C80040
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C80FC3
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70FB2
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70033
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70FD7
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70000
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70022
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70011
.text G:\WINDOWS\system32\svchost.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60000
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02570FEF
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02570093
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02570078
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02570067
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0257004A
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02570025
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02570F52
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02570F79
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025700E1
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025700D0
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02570F2D
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02570F9E
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0257000A
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025700A4
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02570FC3
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02570FD4
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025700B5
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02130022
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02130058
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02130FDB
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02130011
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02130F9B
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02130000
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02130FB6
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [33, 8A]
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0213003D
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02120FA8
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 02120033
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02120FDE
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0212000C
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02120FCD
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02120FEF
.text G:\WINDOWS\System32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02110FEF
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02100FE5
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02100000
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02100FD4
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 0210001B
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0FEF
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0FAF
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C009A
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0089
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C006C
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0040
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C00DA
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C0F9E
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C00FF
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C0F66
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007C0F4B
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007C0051
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007C000A
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007C00C9
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007C0FD4
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007C0025
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007C0F77
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007B0FC3
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007B0F79
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007B0FD4
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007B0FEF
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007B0040
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007B000A
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007B0F9E
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9B, 88]
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007B0025
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A002F
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A0FA4
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A0FB5
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0FE3
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A000A
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0FC6
.text G:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00790FEF
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F66
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F77
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80F94
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FA5
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8002C
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F3A
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80076
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F04
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F1F
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80EF3
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80051
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FE5
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F55
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B8001B
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80FCA
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B8009D
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FCA
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70FAF
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FDB
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70011
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70076
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70000
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B7005B
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70036
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F97
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FB2
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FD7
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60022
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60011
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40051
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F52
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F63
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F80
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FA5
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F0B
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40F26
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40EFA
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40089
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40EE9
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A4002C
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FD4
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F41
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40011
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40000
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40078
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FB2
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F75
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30FCD
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FDE
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30028
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FEF
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A30F86
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 88]
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30FA1
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20042
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20027
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FD2
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FB7
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A2000C
.text G:\WINDOWS\system32\svchost.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A1000A
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02440FEF
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024400A5
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0244008A
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02440079
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02440068
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02440FBC
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024400EE
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024400DD
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02440121
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02440110
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02440F6D
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02440043
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02440FDE
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024400B6
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02440FCD
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0244001E
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024400FF
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02430FC0
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02430F72
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02430011
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02430FE5
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02430F83
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02430000
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02430F94
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [63, 8A]
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02430FAF
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0242006E
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!system 77C293C7 5 Bytes JMP 0242005D
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02420027
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02420000
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02420042
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02420FE3
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02400FE5
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02400000
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02400011
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 02400022
.text G:\WINDOWS\Explorer.EXE[1472] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02410FEF
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F92
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0087
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0FAF
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0062
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FCA
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00B5
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00A4
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F41
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F52
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00F5
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0047
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F77
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FDB
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA002C
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00D0
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FB2
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930039
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FC3
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930028
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F86
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930F97
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920027
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FA6
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092000C
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FE3
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FB7
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00900FEF
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00900FD4
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00900FB9
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00900FA8
.text G:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FE5
.text g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F9B
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0090
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0073
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FB6
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004E
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F65
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A1
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00F4
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00E3
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0105
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FD1
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F76
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A003D
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A002C
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C8
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029001B
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290065
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FC0
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FDB
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F9E
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FAF
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290036
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0FD2
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0053
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FE3
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E000C
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0042
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E001D
.text G:\WINDOWS\System32\svchost.exe[2648] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F70
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0065
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F81
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0040
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FAF
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F38
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0080
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00C0
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00AF
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F0C
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F9E
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F55
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FCA
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001B
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F27
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0069
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FDE
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FEF
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A000C
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A004E
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B001B
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0058
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FCA
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FE5
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0FA5
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0047
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B002C
.text G:\WINDOWS\system32\wuauclt.exe[3676] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0FEF

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spdq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spdq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spdq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spdq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spdq.sys
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spdq.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5681F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \FatCdrom 8A10E500

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A3C11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5D51F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5D51F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5D51F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5D51F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3C11F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3C11F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3C11F8
Device \Driver\usbehci \Device\USBPDO-4 8A3AA1F8

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\PCI_PNP2692 \Device\00000049 spdq.sys
Device \Driver\usbstor \Device\00000070 8A1E0500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A56A1F8
Device \Driver\usbstor \Device\00000071 8A1E0500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A56A1F8
Device \Driver\Cdrom \Device\CdRom0 8A3CD500
Device \Driver\usbstor \Device\00000072 8A1E0500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A56A1F8
Device \Driver\Cdrom \Device\CdRom1 8A3CD500
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A56A1F8
Device \Driver\Cdrom \Device\CdRom2 8A3CD500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2E31F8
Device \Driver\NetBT \Device\NetbiosSmb 8A2E31F8

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8A3C11F8
Device \Driver\sptd \Device\1034783942 spdq.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B195FBB7-F822-4F69-8E63-B4E9F35FF758} 8A2E31F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3C11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A204500
Device \Driver\usbuhci \Device\USBFDO-2 8A3C11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A204500
Device \Driver\usbstor \Device\0000006f 8A1E0500
Device \Driver\usbuhci \Device\USBFDO-3 8A3C11F8
Device \Driver\usbehci \Device\USBFDO-4 8A3AA1F8
Device \Driver\Ftdisk \Device\FtControl 8A56A1F8
Device \Driver\au3fzcub \Device\Scsi\au3fzcub1 8A29B1F8
Device \Driver\au3fzcub \Device\Scsi\au3fzcub1Port5Path0Target0Lun0 8A29B1F8
Device \FileSystem\Fastfat \Fat 8A10E500

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A0F3500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxckdpgmavdefxejntjnlmnecsxphaejsht.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xC0 0x11 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxckdpgmavdefxejntjnlmnecsxphaejsht.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xC0 0x11 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF2 0xF9 0xCB 0xE1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF2 0xF9 0xCB 0xE1 ...

---- EOF - GMER 1.0.15 ----

Re: McAfee not updating, Firefox shutting down

Post by Trravis » August 25th, 2009, 6:14 pm

GMER 1.0.15.15077 - http://www.gmer.net
Autostart scan 2009-08-25 17:10:27
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = G:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "G:\Program Files\Bonjour\mDNSResponder.exe"
MBackMonitor@ = G:\Program Files\McAfee\MBK\MBackMonitor.exe
McAfee SiteAdvisor Service@ = "G:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
mcmscsvc@ = G:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc@ = "g:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy@ = g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McShield@ = G:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MpfService@ = "G:\Program Files\McAfee\MPF\MPFSrv.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
pgsql-8.3@ = "G:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "G:\Program Files\PostgreSQL\8.3\data\"
UleadBurningHelper@ = G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Viewpoint Manager Service@ = "G:\Program Files\Viewpoint\Common\ViewpointService.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@mcagent_exeG:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/ = G:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@GrooveMonitor"G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" = "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
@QuickTime Task"G:\Program Files\QuickTime\QTTask.exe" -atboottime = "G:\Program Files\QuickTime\QTTask.exe" -atboottime
@iTunesHelper"G:\Program Files\iTunes\iTunesHelper.exe" = "G:\Program Files\iTunes\iTunesHelper.exe"
@NvCplDaemonRUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@McAfee BackupG:\Program Files\McAfee\MBK\McAfeeDataBackup.exe = G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
@MBkLogOnHookG:\Program Files\McAfee\MBK\LogOnHook.exe = G:\Program Files\McAfee\MBK\LogOnHook.exe
RunOnce@Malwarebytes' Anti-Malware = G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@swgG:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@ctfmon.exeG:\WINDOWS\system32\ctfmon.exe = G:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{81559C35-8464-49F7-BB0E-07A383BEF910}G:\Program Files\SpywareGuard\spywareguard.dll = G:\Program Files\SpywareGuard\spywareguard.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/G:\WINDOWS\system32\extmgr.dll = G:\WINDOWS\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/G:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = G:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/G:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = G:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/G:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = G:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/G:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = G:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/G:\Program Files\Microsoft Office\Office12\msohevi.dll = G:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/G:\Program Files\WinRAR\rarext.dll = G:\Program Files\WinRAR\rarext.dll
@{81559C35-8464-49F7-BB0E-07A383BEF910} /**/G:\Program Files\SpywareGuard\spywareguard.dll = G:\Program Files\SpywareGuard\spywareguard.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/G:\WINDOWS\system32\ieframe.dll = G:\WINDOWS\system32\ieframe.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/G:\WINDOWS\system32\dfshim.dll = G:\WINDOWS\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/G:\WINDOWS\system32\dfshim.dll = G:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/G:\Program Files\iTunes\iTunesMiniPlayer.dll = G:\Program Files\iTunes\iTunesMiniPlayer.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/G:\WINDOWS\system32\nvcpl.dll = G:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/G:\WINDOWS\system32\nvcpl.dll = G:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/G:\WINDOWS\system32\nvshell.dll = G:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/G:\WINDOWS\system32\nvshell.dll = G:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/G:\WINDOWS\system32\nvshell.dll = G:\WINDOWS\system32\nvshell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = G:\Program Files\MagicISO\misosh.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = g:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = G:\Program Files\MagicISO\misosh.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = G:\Program Files\MagicISO\misosh.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = G:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = g:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{201f27d4-3704-41d6-89c1-aa35e39143ed}G:\Program Files\AskBarDis\bar\bin\askBar.dll = G:\Program Files\AskBarDis\bar\bin\askBar.dll
@{4A368E80-174F-4872-96B5-0B27DDD11DB2}G:\Program Files\SpywareGuard\dlprotect.dll = G:\Program Files\SpywareGuard\dlprotect.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}G:\Program Files\McAfee\VirusScan\scriptsn.dll = G:\Program Files\McAfee\VirusScan\scriptsn.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll = G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}G:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll = G:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
@{b0cda128-b425-4eef-a174-61a11ac5dbf8}G:\Program Files\AIM Toolbar\aimtb.dll = G:\Program Files\AIM Toolbar\aimtb.dll
@{B164E929-A1B6-4A06-B104-2CD0E90A88FF}g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll = g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll = G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}G:\Program Files\Java\jre6\bin\jp2ssv.dll = G:\Program Files\Java\jre6\bin\jp2ssv.dll
@{EAD3A971-6A23-4246-8691-C9244E858967}G:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll = G:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
text/xml@CLSID = G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
x-sdch@CLSID = G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = G:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID = G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
its@CLSID = G:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = G:\WINDOWS\system32\itss.dll
sacore@CLSID = g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
tv@CLSID = G:\WINDOWS\system32\msvidctl.dll
wia@CLSID = G:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = G:\Program Files\Bonjour\mdnsNSP.dll

G:\Documents and Settings\T-Ravis\Start Menu\Programs\Startup >>>
Locate32 Autorun.lnk = Locate32 Autorun.lnk
MagicDisc.lnk = MagicDisc.lnk
Secunia PSI.lnk = Secunia PSI.lnk
SpywareGuard.lnk = SpywareGuard.lnk

G:\Documents and Settings\All Users\Start Menu\Programs\Startup = Photo Loader supervisory.lnk

---- EOF - GMER 1.0.15 ----
Trravis
Active Member
 
Posts: 9
Joined: August 18th, 2009, 6:57 pm

Re: McAfee not updating, Firefox shutting down

by francis327 » August 26th, 2009, 11:43 am

Hi Trravis,
I would like to bring your attention to this part of our Malware Removal Policy:

  • Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.


I am sorry to tell you that we have found that you are not using an original copy of the Windows Operating System, and I shall not be able to provide you with further assistance on the problem that you are having now.

However, if you bought the computer with the operating system pre-installed, then you should contact Microsoft and see if you are eligible for a genuine activation key.

Status Check
Please come back to me with the status of your Windows if you know anything about it.

Thanks
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: McAfee not updating, Firefox shutting down

by Trravis » August 26th, 2009, 12:28 pm

Francis,

I bought my computer from a friend when he was looking to upgrade. I've never had any problems with my OS and never had cause to doubt its authenticity. I'll have to contact Microsoft and see what the deal is.

A big thank you for all your help so far.


Travis
Trravis
Active Member
 
Posts: 9
Joined: August 18th, 2009, 6:57 pm

Re: McAfee not updating, Firefox shutting down

by Katana » August 27th, 2009, 4:24 am

Due to non-legal software, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester