# happili.com google redirect



## robbyworld (Jul 21, 2010)

I have been experiencing some redirect problems with Google in Mozilla Firefox. This does not occur every time I search in Google, and it usually redirects to happili.com when I click on a search link. In reading other forum entries, I see that others have had similar problems and these have been solved successfully. I am hoping this will be an easy case to address.

I have copied the HJT log. I ran the other logs (DDS, GMER) as well, but they made the post too long and it would not upload. I can supply as needed.

Thanks in advance for assistance offered.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:34 PM, on 10/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9136 bytes


----------



## Blade81 (Oct 27, 2006)

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from *here* or *here* or *here*.
Disable any script blocker, and then double click *dds file *to run the tool. 
When done, DDS will open two (2) logs:
 DDS.txt
 Attach.txt

Save both reports to your desktop. Post them back to your topic.


----------



## robbyworld (Jul 21, 2010)

Blade81-

Thanks for the response. I ran DDS and the text log is included, attach log is attached.

DDS (Ver_10-10-10.03) - NTFSx86 
Run by rob at 8:54:05.60 on Tue 11/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.238 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rob\Desktop\computer rx\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rob\applic~1\mozilla\firefox\profiles\1qwuhrng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39} - c:\documents and settings\rob\local settings\application data\{A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-4-21 58048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-4-21 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2004-9-22 28672]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-4-21 108256]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-10-19 16:54:30 -------- d--h--w- c:\windows\PIF

==================== Find3M ====================

2010-09-23 16:14:44 89680 ----a-w- c:\documents and settings\rob\MSSSerif120.fon

============= FINISH: 8:56:10.03 ===============


----------



## Blade81 (Oct 27, 2006)

Hi,

BitTorrent
DNA

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My *recommendation is to uninstall these (and other if present) P2P file sharing programs*.

Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click *.exe* that you downloaded
Click *rootkit*-tab, uncheck files option and then click *scan.*
*Don't check 
Show All
box while scanning in progress!*
When scanning is ready, click *Copy*.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.


----------



## robbyworld (Jul 21, 2010)

Blade-

Thanks again. Here is the GMER log:

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 13:27:23
Windows 5.1.2600 Service Pack 2
Running: msofgroo.exe; Driver: C:\DOCUME~1\rob\LOCALS~1\Temp\fwtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT 85E54109 ZwCreateThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA6D3620]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_read  77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[364] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1148] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text  C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1404] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WS2_32.dll!bind  71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1584] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1680] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!system  77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1724] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1856] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text  C:\Program Files\Messenger\msmsgs.exe[1888] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Messenger\msmsgs.exe[1888] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2088] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2548] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WS2_32.dll!socket  71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[3156] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WININET.dll!InternetOpenA 771C57BE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3960] WININET.dll!InternetReadFile 771C7C3F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \FileSystem\Fastfat \Fat A8D54C8A

AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


----------



## Blade81 (Oct 27, 2006)

Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


*Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix*, link
Remember to re-enable them afterwards.

Click *Yes* to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

*C:\ComboFix.txt
New dds log.*

*A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.*


----------



## robbyworld (Jul 21, 2010)

Blade81:

I followed your advice and have attached the requested logs. The DDS Attach log is attached.

ComboFix 10-11-02.01 - rob 11/02/2010 15:04:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.701 [GMT -5:00]
Running from: c:\documents and settings\rob\Desktop\computer rx\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\rob\Local Settings\Application Data\{A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39}
c:\documents and settings\rob\Local Settings\Application Data\{A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39}\chrome.manifest
c:\documents and settings\rob\Local Settings\Application Data\{A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39}\chrome\content\_cfg.js
c:\documents and settings\rob\Local Settings\Application Data\{A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39}\chrome\content\overlay.xul
c:\documents and settings\rob\Local Settings\Application Data\{A51F5E60-5FF6-41E8-8A3E-F0C3B0E9ED39}\install.rdf
c:\documents and settings\rob\My Documents\DPE.DUS
C:\LOGBC.tmp
c:\windows\934fdfg34fgjf23

c:\windows\system32\proquota.exe was missing 
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-11-02 20:08 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-11-02 20:08 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-10-19 16:54 . 2010-10-19 16:54 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:14 . 2006-01-24 16:50 89680 ----a-w- c:\documents and settings\rob\MSSSerif120.fon
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-16 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-02 474624]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-23 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-2 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/21/2006 2:33 PM 58048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 67656]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - fwtdqpow
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-11-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-21 02:14]

2010-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-7422606-179677318-3654791194-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-7422606-179677318-3654791194-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\1qwuhrng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 15:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1100)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\EntApi.dll
.
Completion time: 2010-11-02 15:12:16
ComboFix-quarantined-files.txt 2010-11-02 20:11

Pre-Run: 8,533,516,288 bytes free
Post-Run: 8,676,028,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7A686F2A5EED6A70F53AF683D0921871

DDS (Ver_10-10-10.03) - NTFSx86 
Run by rob at 15:18:13.84 on Tue 11/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.375 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\rob\Desktop\computer rx\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rob\applic~1\mozilla\firefox\profiles\1qwuhrng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-4-21 58048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-4-21 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2004-9-22 28672]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-4-21 108256]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-11-02 20:08:59 50176 ----a-w- c:\windows\system32\proquota.exe
2010-11-02 20:08:59 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-11-02 20:02:55 -------- d-sha-r- C:\cmdcons
2010-11-02 19:59:56 98816 ----a-w- c:\windows\sed.exe
2010-11-02 19:59:56 86528 ----a-w- c:\windows\MBR.exe
2010-11-02 19:59:56 256512 ----a-w- c:\windows\PEV.exe
2010-11-02 19:59:56 161792 ----a-w- c:\windows\SWREG.exe
2010-10-19 16:54:30 -------- d--h--w- c:\windows\PIF

==================== Find3M ====================

2010-09-23 16:14:44 89680 ----a-w- c:\documents and settings\rob\MSSSerif120.fon

============= FINISH: 15:18:49.76 ===============


----------



## Blade81 (Oct 27, 2006)

Hi,

Make sure P2P programs aren't running anymore while I'm working on your case. If you don't want to uninstall them, disable them from running anyway. Thanks.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

 Run Spybot-S&D in *Advanced Mode*
 If it is not already set to do this, go to the *Mode* menu
select *
Advanced Mode
*
 On the left hand side, click on *Tools*
 Then click on the *Resident* icon in the list
 Uncheck *
Resident TeaTimer
* and *OK* any prompts.
 Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:


```
DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
```
Save this as
CFScript

*A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.*










Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

*Uninstall old Adobe Reader versions* and get the latest one (9.4) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall vulnerable *Flash* versions by following instructions here. Fresh version can be obtained here.

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to remove older version Java components and update to the latest version...*

*Updating Java:*

Download the latest version of *Java Runtime Environment (JRE) 6 Update 22*.
Click the
*Download*
button to the right.
Select Windows on platform combobox and check the box that says:
*Accept*_ License Agreement_. Click continue.

The page will refresh.
Click on the link to download _Windows Offline Installation_ with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel* double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the *Remove* or *Change/Remove* button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-6u22-windows-i586-p.exe* to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under *Main* choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*_The other boxes are optional_*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with *Kaspersky Online Scanner* as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.


----------



## robbyworld (Jul 21, 2010)

Blade81-

It took some time, but I followed your advice and removed all P2P programs, updated Java, and did the scans you recommended. The logs follow:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 02, 2010 16:14:05
Records in database: 4203178
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 77317
Threats found: 5
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 02:20:35

File name / Threat / Threats count
WinVNC.exe\WinVNC.exe/WinVNC.exe\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Program Files\TightVNC\WinVNC.exe/C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Program Files\TightVNC\VNCHOOKS.DLL/C:\Program Files\TightVNC\VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Documents and Settings\rob\Application Data\Sun\Java\Deployment\cache\6.0\44\7278e12c-44ea6704 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\rob\Application Data\Sun\Java\Deployment\cache\6.0\44\7278e12c-44ea6704 Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\quarantine\svchost.exe.Vir Infected: Packed.Win32.Zack.a 1

Selected area has been scanned.

DDS (Ver_10-10-10.03) - NTFSx86 
Run by rob at 19:50:38.68 on Tue 11/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.697 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rob\Desktop\computer rx\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rob\applic~1\mozilla\firefox\profiles\1qwuhrng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

P2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2004-9-22 221191]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-4-21 58048]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-4-21 102463]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2004-9-22 28672]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-4-21 108256]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

=============== Created Last 30 ================

2010-11-02 21:43:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-02 21:43:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 21:43:47 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-02 20:39:50 -------- d-----w- c:\docume~1\rob\locals~1\applic~1\Deployment
2010-11-02 20:08:59 50176 ----a-w- c:\windows\system32\proquota.exe
2010-11-02 20:08:59 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-11-02 20:02:55 -------- d-sha-r- C:\cmdcons
2010-11-02 19:59:56 98816 ----a-w- c:\windows\sed.exe
2010-11-02 19:59:56 86528 ----a-w- c:\windows\MBR.exe
2010-11-02 19:59:56 256512 ----a-w- c:\windows\PEV.exe
2010-11-02 19:59:56 161792 ----a-w- c:\windows\SWREG.exe
2010-10-19 16:54:30 -------- d--h--w- c:\windows\PIF

==================== Find3M ====================

2010-09-23 16:14:44 89680 ----a-w- c:\documents and settings\rob\MSSSerif120.fon

============= FINISH: 19:52:03.10 ===============

ComboFix 10-11-02.01 - rob 11/02/2010 16:10:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.476 [GMT -5:00]
Running from: c:\documents and settings\rob\Desktop\computer rx\ComboFix.exe
Command switches used :: c:\documents and settings\rob\Desktop\computer rx\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-11-02 20:39 . 2010-11-02 20:40 -------- d-----w- c:\documents and settings\rob\Local Settings\Application Data\Deployment
2010-11-02 20:08 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-11-02 20:08 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-10-19 16:54 . 2010-10-19 16:54 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:14 . 2006-01-24 16:50 89680 ----a-w- c:\documents and settings\rob\MSSSerif120.fon
.

((((((((((((((((((((((((((((( [email protected]_20.09.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-02 21:01 . 2010-11-02 21:01 16384 c:\windows\Temp\Perflib_Perfdata_c50.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-16 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-02 474624]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-23 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-2 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/21/2006 2:33 PM 58048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 67656]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-11-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-21 02:14]

2010-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-7422606-179677318-3654791194-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-7422606-179677318-3654791194-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\1qwuhrng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 16:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\EntApi.dll
.
Completion time: 2010-11-02 16:20:17
ComboFix-quarantined-files.txt 2010-11-02 21:20
ComboFix2.txt 2010-11-02 20:12

Pre-Run: 8,622,972,928 bytes free
Post-Run: 8,665,919,488 bytes free

- - End Of File - - 62A97D7DE743BD8C089D44DC92FC4D54


----------



## Blade81 (Oct 27, 2006)

Hi,

Delete these files if found:
C:\Documents and Settings\rob\Application Data\Sun\Java\Deployment\cache\6.0\44\*7278e12c-44ea6704*
C:\quarantine\*svchost.exe.Vir*

Does redirecting still happen?


----------



## robbyworld (Jul 21, 2010)

Blade81-

First off, thank you for all of your help. I deleted the files you recommended and will see if the redirect continues and get back to the forum later today. I am hopeful that I will be able to mark this thread solved. I very much appreciate your efforts.


----------



## Blade81 (Oct 27, 2006)

If no issues, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,*NOT* on a regular basis

Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste *Combofix /uninstall* in the runbox and click OK

Please download OTC and save it to desktop.

Double-click *OTC.exe*.
Click the *CleanUp!* button.
Select *Yes* when the 
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select *Yes*.
The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of windows has a hosts file as part of them.
In a very basic sense, they are used to locate webpages.
We can customize a hosts file so that it blocks certain webpages.
However, it can slow down certain computers.
This is why using a hosts file is optional!!
Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial  here 
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
[*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok

Download and run Secunia Personal Software Inspector (PSI) and fix its findings.

*Just a final reminder for you. I am trying to stress these two points.*
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade


----------



## robbyworld (Jul 21, 2010)

After following your advice I am happy to report that I believe my problem has been solved. Thanks for all your help, I will definitely use Secunia on a regular basis to make sure my computer is up to date.


----------



## Blade81 (Oct 27, 2006)

You're welcome


----------

