
Possible backdoor trojan copies passwords and sends it to person's computer DDS log


  • This topic is locked
10 replies to this topic

#1 Doomsis


Posted 13 February 2009 - 02:30 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/201605/i-use-a-notebook-and-my-mouse-has-been-moving-on-its-own/ ~ OB

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2006 12:42:57 PM
System Uptime: 2/13/2009 1:25:20 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 30A8
Processor: Intel® Celeron® M CPU 410 @ 1.46GHz | U1 | 1463/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 5.218 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.103 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP422: 12/18/2008 8:07:36 AM - Software Distribution Service 3.0
RP423: 12/19/2008 5:06:50 PM - System Checkpoint
RP424: 12/25/2008 10:51:45 AM - System Checkpoint
RP425: 12/26/2008 11:46:29 PM - System Checkpoint
RP426: 12/28/2008 9:16:48 PM - System Checkpoint
RP427: 12/31/2008 5:09:24 PM - System Checkpoint
RP428: 1/1/2009 11:00:00 PM - System Checkpoint
RP429: 1/8/2009 9:42:59 PM - System Checkpoint
RP430: 1/10/2009 1:00:25 AM - System Checkpoint
RP431: 1/11/2009 7:29:32 PM - System Checkpoint
RP432: 1/12/2009 10:21:10 PM - System Checkpoint
RP433: 1/14/2009 3:20:00 PM - Software Distribution Service 3.0
RP434: 1/15/2009 7:08:58 AM - Installed Ultima Online: Mondain's Legacy
RP435: 1/15/2009 7:24:13 AM - Installed Java™ 6 Update 11
RP436: 1/16/2009 4:14:33 PM - System Checkpoint
RP437: 1/17/2009 3:00:35 AM - Software Distribution Service 3.0
RP438: 1/18/2009 12:16:41 PM - Software Distribution Service 3.0
RP439: 1/21/2009 5:09:27 PM - System Checkpoint
RP440: 1/23/2009 5:23:51 PM - System Checkpoint
RP441: 1/30/2009 10:07:55 PM - System Checkpoint
RP442: 2/5/2009 6:39:21 PM - System Checkpoint
RP443: 2/6/2009 6:48:53 PM - System Checkpoint
RP444: 2/7/2009 7:13:46 PM - System Checkpoint
RP445: 2/8/2009 7:55:54 PM - System Checkpoint
RP446: 2/9/2009 9:18:40 PM - Installed SUPERAntiSpyware Free Edition
RP447: 2/12/2009 7:47:15 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Blockland
Bonjour
BufferChm
Choice Guard
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.7
FullDPAppQFolder
Google Earth
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP DVD Play 2.1
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
ijji
ijji Auto Installer
InstantShareDevices
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
LightScribe 1.4.74.1
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (2.0.0.20)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 4.5
Netscape Browser (remove only)
NetWaiting
Office 2003 Trial Assistant
OptionalContentQFolder
OTOY
PhotoGallery
QuickTime
RandMap
Roblox for Pamela Dela Cruz
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Segoe UI
SkinsHP1
SmartAudio
Soldier Front
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Star Wars Empire at War
Starcraft
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TourSetup
Ultima Online: Mondain's Legacy
Unity Web Player
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Viewpoint Media Player
Virtools 3D Life Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Wireless Home Network Setup
Yahoo! Internet Mail

==== Event Viewer Messages From Past Week ========

2/8/2009 4:01:47 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.100. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
2/8/2009 4:01:47 PM, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 252.47.70.102 to a request from a client. The data is the error code.
2/8/2009 4:00:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde Pcmcia ViaIde
2/8/2009 3:59:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/8/2009 3:54:36 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
2/8/2009 3:33:49 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/8/2009 3:29:02 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/9/2009 9:29:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/9/2009 9:29:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/9/2009 9:30:01 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 9:30:01 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 9:30:01 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 9:30:01 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 9:30:01 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 9:30:01 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 9:30:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2/9/2009 9:30:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
2/11/2009 9:47:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
2/11/2009 9:47:47 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2009 9:48:36 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/11/2009 10:15:40 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 70.185.189.63, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
2/11/2009 10:20:13 PM, error: Dhcp [1002] - The IP address lease 70.185.189.63 for the Network Card with network address 0016D40B08A5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Edited by Orange Blossom, 13 February 2009 - 09:46 PM.




#2 Doomsis


Posted 14 February 2009 - 07:25 PM

I don't know if this helps but my McAfee detected an Exploit-Byte Verify in my java files >.> I hope that helps. It was quarantined on the 8th. When I was playing a game it kept spamming these words. My email address got screwed but I resolved it >.>;. I'll do my best until I'm helped. My main computer died from this crap, I don't wanna lose this one esp that I own both of them T_T.

Edited by Doomsis, 15 February 2009 - 01:06 AM.


#3 Doomsis


Posted 22 February 2009 - 11:31 PM

I successfully removed the trojan w/ my antivirus but the dragging and the clicking still exists. It happens when I go on the web browser.

#4 KoanYorel


Posted 25 February 2009 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Doomsis


Posted 01 March 2009 - 11:10 AM

DDS:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2009 4:16:59 AM
System Uptime: 3/1/2009 7:19:17 AM (4 hours ago)

Motherboard: Hewlett-Packard | | 30A8
Processor: Intel® Celeron® M CPU 410 @ 1.46GHz | U1 | 1462/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 0.995 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.089 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/21/2009 4:17:29 AM - System Checkpoint
RP2: 2/21/2009 4:22:10 AM - Installed Vongo
RP3: 2/21/2009 9:46:00 PM - Software Distribution Service 3.0
RP4: 2/21/2009 10:04:56 PM - Software Distribution Service 3.0
RP5: 2/22/2009 12:06:51 AM - Installed Java™ 6 Update 12
RP6: 2/22/2009 12:14:39 AM -
RP7: 2/22/2009 12:15:13 AM - Shockwave Player
RP8: 2/22/2009 1:18:42 AM - Removed Vongo
RP9: 2/22/2009 1:22:37 AM - Removed Sonic MyDVD Plus
RP10: 2/22/2009 1:25:21 AM - Removed Quicken 2006
RP11: 2/22/2009 1:39:18 AM - Removed Microsoft Office Standard Edition 2003
RP12: 2/22/2009 1:44:40 AM - Installed Ultima Online: Mondain's Legacy
RP13: 2/22/2009 3:00:39 AM - Software Distribution Service 3.0
RP14: 2/22/2009 11:44:31 PM - Software Distribution Service 3.0
RP15: 2/25/2009 3:23:23 PM - Software Distribution Service 3.0
RP16: 2/27/2009 12:58:29 PM - Removed Java™ 6 Update 12
RP17: 2/27/2009 12:59:02 PM - Installed Java™ 6 Update 12

==== Installed Programs ======================

5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Bazooka Scanner
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
BufferChm
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
Download Manager 2.3.7
Easy Internet Sign-up
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP DVD Play 2.1
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP Software Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 12
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.74.1
Macromedia Flash Player 8
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
Netscape Browser (remove only)
NetWaiting
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OptionalContentQFolder
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
RandMap
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SkinsHP1
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
SmartAudio
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Ultima Online: Mondain's Legacy
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB912945)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Wireless Home Network Setup
Zuma Deluxe from Hewlett-Packard Laptops (remove only)

==== Event Viewer Messages From Past Week ========

2/22/2009 1:22:40 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/22/2009 1:06:14 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2009 1:01:04 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2009 1:38:59 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
2/22/2009 1:43:52 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 4 time(s).
2/22/2009 1:58:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.
2/22/2009 2:03:54 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 5 time(s).
2/22/2009 8:52:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2/23/2009 7:16:18 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KOPECKI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EB416628-E1F0-447C-B. The master browser is stopping or an election is being forced.
2/26/2009 8:02:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
2/26/2009 8:02:38 AM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2009 9:10:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/26/2009 9:10:45 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2009 9:12:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.

==== End Of File ===========================

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2009 4:16:59 AM
System Uptime: 3/1/2009 7:19:17 AM (4 hours ago)

Motherboard: Hewlett-Packard | | 30A8
Processor: Intel® Celeron® M CPU 410 @ 1.46GHz | U1 | 1462/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 0.993 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.089 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/21/2009 4:17:29 AM - System Checkpoint
RP2: 2/21/2009 4:22:10 AM - Installed Vongo
RP3: 2/21/2009 9:46:00 PM - Software Distribution Service 3.0
RP4: 2/21/2009 10:04:56 PM - Software Distribution Service 3.0
RP5: 2/22/2009 12:06:51 AM - Installed Java™ 6 Update 12
RP6: 2/22/2009 12:14:39 AM -
RP7: 2/22/2009 12:15:13 AM - Shockwave Player
RP8: 2/22/2009 1:18:42 AM - Removed Vongo
RP9: 2/22/2009 1:22:37 AM - Removed Sonic MyDVD Plus
RP10: 2/22/2009 1:25:21 AM - Removed Quicken 2006
RP11: 2/22/2009 1:39:18 AM - Removed Microsoft Office Standard Edition 2003
RP12: 2/22/2009 1:44:40 AM - Installed Ultima Online: Mondain's Legacy
RP13: 2/22/2009 3:00:39 AM - Software Distribution Service 3.0
RP14: 2/22/2009 11:44:31 PM - Software Distribution Service 3.0
RP15: 2/25/2009 3:23:23 PM - Software Distribution Service 3.0
RP16: 2/27/2009 12:58:29 PM - Removed Java™ 6 Update 12
RP17: 2/27/2009 12:59:02 PM - Installed Java™ 6 Update 12

==== Installed Programs ======================

5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Bazooka Scanner
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
BufferChm
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
Download Manager 2.3.7
Easy Internet Sign-up
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP DVD Play 2.1
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP Software Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 12
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.74.1
Macromedia Flash Player 8
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
Netscape Browser (remove only)
NetWaiting
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OptionalContentQFolder
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
RandMap
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SkinsHP1
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
SmartAudio
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Ultima Online: Mondain's Legacy
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB912945)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Wireless Home Network Setup
Zuma Deluxe from Hewlett-Packard Laptops (remove only)

==== Event Viewer Messages From Past Week ========

2/22/2009 1:22:40 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/22/2009 1:06:14 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2009 1:01:04 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2009 1:38:59 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
2/22/2009 1:43:52 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 4 time(s).
2/22/2009 1:58:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.
2/22/2009 2:03:54 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 5 time(s).
2/22/2009 8:52:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2/23/2009 7:16:18 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KOPECKI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EB416628-E1F0-447C-B. The master browser is stopping or an election is being forced.
2/26/2009 8:02:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
2/26/2009 8:02:38 AM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2009 9:10:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/26/2009 9:10:45 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2009 9:12:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.

==== End Of File ===========================

Edited by Doomsis, 01 March 2009 - 11:28 AM.


#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 02 March 2009 - 08:02 PM

Hello, Doomsis
You're missing the main part of the log :thumbup2:

Please ensure you post all the logs in the future ;)

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Doomsis

Doomsis
  • Topic Starter

  • Members
  • 150 posts
  • Gender:Male
  • Location:Kaysville, UT

Posted 02 March 2009 - 11:20 PM

OTListIt logfile created on: 3/2/2009 10:25:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.3 Folder = C:\Documents and Settings\P\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 129.37 Mb Available Physical Memory | 25.77% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.59% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.23 Gb Total Space | 0.95 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.09 Gb Free Space | 13.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAPERMATE
Current User Name: P
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/27 12:59:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/02/17 17:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/12/05 15:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2006/03/15 16:28:32 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2004/08/04 16:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/02/14 21:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/03/23 07:17:04 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006/03/23 07:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/03/23 07:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2004/08/04 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2006/03/04 00:46:48 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/04/11 23:54:16 | 00,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/02/17 01:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2005/08/11 18:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/03/07 15:38:14 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2005/12/23 23:44:26 | 00,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/09/24 11:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2009/01/09 11:21:22 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/08 20:30:26 | 00,923,488 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcshell.exe
PRC - [2009/01/09 12:02:58 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/03/02 22:25:12 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\P\Desktop\OTListIt2.exe
PRC - [2009/01/08 20:30:26 | 00,781,288 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2004/08/04 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 12:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/04 16:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/03/15 16:28:32 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/02/27 12:59:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/02/17 17:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2008/12/05 15:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/01/09 18:51:42 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/01/09 12:02:58 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/01/09 11:21:22 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/01/19 04:18:52 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/03/02 06:03:32 | 00,057,096 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/11/03 03:31:38 | 00,157,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/09/19 15:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/09/19 15:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2005/09/19 15:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2006/04/18 06:29:06 | 00,569,856 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/22 10:06:16 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/08/22 10:07:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/03/23 07:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/13 04:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/02/15 05:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/01/09 12:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/01/09 12:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/01/09 12:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/01/09 12:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/01/09 12:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/04 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 13:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2004/08/04 16:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/04 00:31:48 | 00,192,736 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2005/08/22 10:06:10 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\S-1-5-21-1778645279-2012148862-202838856-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/02/22 04:31:34 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/27 12:59:13 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components -> %ProgramFiles%\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS] -> [2009/02/21 05:35:20 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins -> %ProgramFiles%\NETSCAPE\NETSCAPE BROWSER\PLUGINS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS] -> [2009/02/24 15:46:00 00,000,000 | ---D | M]
FF - C:\Documents and Settings\P\Application Data\mozilla\Extensions [2009/02/21 15:46:37 00,000,000 | ---D | M]
FF - C:\Documents and Settings\P\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/21 15:46:37 00,000,000 | ---D | M]
FF - C:\Documents and Settings\P\Application Data\mozilla\Firefox\Profiles\nuwm2sew.default\extensions [2009/02/21 15:46:37 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/14 10:08:32 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/14 10:07:47 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\..Trusted Sites: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\..Trusted Sites: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1778645279-2012148862-202838856-1006\..Trusted Sites: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/02 22:24:14 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\P\Desktop\OTListIt2.exe
[2009/03/01 11:21:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\McAfee
[2009/03/01 11:03:49 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\P\Desktop\dds.com
[2009/03/01 00:17:24 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\P\Desktop\ementor letter34.doc
[2009/02/27 13:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\Bazooka Scanner
[2009/02/27 13:34:57 | 00,744,529 | ---- | C] () -- C:\Documents and Settings\P\Desktop\bazookasetup.exe
[2009/02/23 19:01:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\My eBooks
[2009/02/22 00:14:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/02/22 00:05:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Sun
[2009/02/22 00:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Adobe
[2009/02/21 23:57:52 | 00,000,656 | ---- | C] () -- C:\Documents and Settings\P\Desktop\Razor.lnk
[2009/02/21 23:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\My Downloads
[2009/02/21 23:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\IGN_DLM
[2009/02/21 23:32:34 | 00,007,221 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/21 23:31:14 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/02/21 23:28:51 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/02/21 23:14:03 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/02/21 23:14:03 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/02/21 23:14:01 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/02/21 23:13:59 | 00,213,640 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/02/21 23:13:36 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/02/21 23:11:47 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/02/21 23:11:44 | 00,000,324 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/02/21 23:10:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/02/21 23:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/02/21 23:09:34 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/02/21 22:54:37 | 01,230,368 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\P\Desktop\DMSetup.exe
[2009/02/21 22:20:58 | 00,693,800 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\P\Desktop\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe
[2009/02/21 22:17:43 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/02/21 22:17:43 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/02/21 22:17:42 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/02/21 22:17:42 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/02/21 22:17:42 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/02/21 22:17:42 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/02/21 22:17:42 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/02/21 22:17:42 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/02/21 22:17:42 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/02/21 22:17:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/02/21 22:15:22 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/02/21 22:12:57 | 21,244,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/21 21:55:33 | 00,001,331 | ---- | C] () -- C:\Documents and Settings\P\Desktop\McAfee Virtual Technician.lnk
[2009/02/21 21:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\McAfee
[2009/02/21 21:55:27 | 00,306,864 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\P\Desktop\mvtapp.exe
[2009/02/21 21:52:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/02/21 21:52:03 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/02/21 21:52:03 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/02/21 21:51:13 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/02/21 21:51:13 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/02/21 21:51:13 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/02/21 21:51:13 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/02/21 21:51:13 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/02/21 21:51:13 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/02/21 21:51:13 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/02/21 21:51:13 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/02/21 21:51:13 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/02/21 21:51:12 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/02/21 21:51:12 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/02/21 21:51:12 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/02/21 21:51:12 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2009/02/21 21:51:12 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/02/21 21:51:11 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2009/02/21 21:51:11 | 01,023,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/02/21 21:51:11 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/02/21 21:51:10 | 01,494,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/02/21 21:50:54 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/02/21 21:50:52 | 02,185,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/02/21 21:50:52 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/02/21 21:50:51 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/02/21 21:50:50 | 02,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/02/21 21:50:46 | 03,594,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/02/21 21:49:23 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/02/21 21:49:21 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/02/21 21:49:17 | 00,333,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/02/21 21:49:14 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/02/21 21:49:11 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/02/21 21:49:02 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/02/21 21:48:58 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/02/21 21:46:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/02/21 21:26:13 | 00,034,216 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/02/21 15:46:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\Mozilla
[2009/02/21 15:46:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Mozilla
[2009/02/21 15:12:54 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/02/21 15:12:33 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/02/21 11:00:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/21 10:44:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Macromedia
[2009/02/21 06:05:44 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Register your Notebook.URL
[2009/02/21 06:02:56 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2009/02/21 06:02:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/02/21 06:02:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/02/21 06:02:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/02/21 06:02:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/02/21 06:02:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/02/21 06:02:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/02/21 06:02:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/02/21 06:02:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/02/21 06:02:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2009/02/21 06:02:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2009/02/21 06:02:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2009/02/21 05:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\CyberLink
[2009/02/21 05:06:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\QuickPlay
[2009/02/21 05:06:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\HP
[2009/02/21 05:00:46 | 52,650,3936 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/21 04:20:02 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2009/02/21 04:19:36 | 00,001,716 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Presario V5000 (EZ429UA#ABA)_YN_0Pres_QCND623052Y_E413900001_46_I30A8_SHP_V56.37_BF.13_T060510_WXH2_L409_M503_J40_7Intel_8Celeron M 410_91.46_#090221_N14E44311_(EZ429UA#ABA)_XMOBILE_CN10_Z_2F.13.MRK
[2009/02/21 04:18:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\P\Application Data\desktop.ini
[2009/02/21 04:18:37 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\P\Desktop\3 Month Trial AOL Music Now.lnk
[2009/02/21 04:18:37 | 00,000,992 | ---- | C] () -- C:\Documents and Settings\P\Desktop\Help and Support.lnk
[2009/02/21 04:18:35 | 00,063,344 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/21 04:18:35 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\fusioncache.dat
[2009/02/21 04:18:34 | 04,843,162 | -H-- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\IconCache.db
[2009/02/21 04:18:34 | 00,000,072 | -HS- | C] () -- C:\Documents and Settings\P\My Documents\desktop.ini
[2009/02/21 04:18:33 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\P\Start Menu\Programs\StartUp\desktop.ini
[2009/02/21 04:18:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\P\Application Data\Microsoft
[2009/02/21 04:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\P\My Documents\My Videos
[2009/02/21 04:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\P\My Documents\My Pictures
[2009/02/21 04:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\P\My Documents\My Music
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\Microsoft
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\IsolatedStorage
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\HP
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\Google
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\BVRP Software
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\ApplicationHistory
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Intuit
[2009/02/21 04:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Identities
[2009/02/21 04:08:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/02/15 12:45:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/15 12:28:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/02/15 12:23:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/02/15 12:13:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/15 12:13:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/02/14 10:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/14 10:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\Blockland
[2009/02/09 21:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/09 21:18:41 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/09 21:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/08 15:36:54 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/08 15:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/08 15:36:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/08 00:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/02/08 00:08:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/02/06 12:35:56 | 01,486,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/02 22:25:12 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\P\Desktop\OTListIt2.exe
[2009/03/02 22:21:36 | 00,000,313 | ---- | M] () -- C:\hpqp.ini
[2009/03/02 22:21:28 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/03/02 22:20:39 | 00,007,221 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/02 22:20:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/02 22:19:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/02 22:19:57 | 52,650,3936 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/01 11:03:50 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\P\Desktop\dds.com
[2009/03/01 01:00:43 | 00,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/01 00:17:26 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\P\Desktop\ementor letter34.doc
[2009/02/27 13:35:02 | 00,744,529 | ---- | M] () -- C:\Documents and Settings\P\Desktop\bazookasetup.exe
[2009/02/23 13:55:25 | 00,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/23 13:55:25 | 00,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/23 13:55:23 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/22 23:45:21 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/22 04:31:43 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/22 02:01:07 | 00,002,022 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ultima Online Registration.lnk
[2009/02/22 02:01:05 | 00,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ultima Online Mondain's Legacy.lnk
[2009/02/22 02:00:57 | 00,063,344 | ---- | M] () -- C:\Documents and Settings\P\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/22 01:40:10 | 00,000,527 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/22 01:25:30 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/02/21 23:57:52 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\P\Desktop\Razor.lnk
[2009/02/21 23:56:23 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2009/02/21 23:31:14 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/02/21 23:28:51 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/02/21 23:11:47 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/02/21 22:54:39 | 01,230,368 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\P\Desktop\DMSetup.exe
[2009/02/21 22:40:57 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/02/21 22:40:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/02/21 22:40:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/02/21 22:40:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/02/21 22:40:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/02/21 22:40:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/02/21 22:32:07 | 00,001,331 | ---- | M] () -- C:\Documents and Settings\P\Desktop\McAfee Virtual Technician.lnk
[2009/02/21 22:23:07 | 00,000,072 | -HS- | M] () -- C:\Documents and Settings\P\My Documents\desktop.ini
[2009/02/21 22:21:01 | 00,693,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\P\Desktop\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe
[2009/02/21 22:20:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/21 21:55:32 | 00,306,864 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\P\Desktop\mvtapp.exe
[2009/02/21 06:04:17 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/21 05:03:50 | 00,001,424 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blockbuster.LNK
[2009/02/21 05:03:50 | 00,001,284 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Extended Service.LNK
[2009/02/21 05:03:50 | 00,001,244 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.LNK
[2009/02/21 05:03:50 | 00,001,120 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Photos First 25 Free.LNK
[2009/02/21 05:03:49 | 00,001,080 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Music.LNK
[2009/02/21 05:03:49 | 00,001,062 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Accessories.LNK
[2009/02/21 04:21:35 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\P\Local Settings\Application Data\fusioncache.dat
[2009/02/21 04:20:02 | 00,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2009/02/21 04:19:45 | 00,001,716 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Presario V5000 (EZ429UA#ABA)_YN_0Pres_QCND623052Y_E413900001_46_I30A8_SHP_V56.37_BF.13_T060510_WXH2_L409_M503_J40_7Intel_8Celeron M 410_91.46_#090221_N14E44311_(EZ429UA#ABA)_XMOBILE_CN10_Z_2F.13.MRK
[2009/02/21 04:16:59 | 00,038,337 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/02/21 04:16:50 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/02/21 04:15:08 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Register your Notebook.URL
[2009/02/14 10:07:51 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/08 15:36:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/06 12:35:56 | 01,486,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.DLL
< End of report >


OTListIt Extras logfile created on: 3/2/2009 10:25:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.3 Folder = C:\Documents and Settings\P\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 129.37 Mb Available Physical Memory | 25.77% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.59% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.23 Gb Total Space | 0.95 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.09 Gb Free Space | 13.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAPERMATE
Current User Name: P
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1778645279-2012148862-202838856-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
File not found -- C:\Documents and Settings\P\Local Settings\Temp\7zSB5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
[2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"Download Manager" = Download Manager 2.3.7
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee SecurityCenter
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2009 10:11:37 PM | Computer Name = PAPERMATE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/24/2009 2:15:38 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 796 (0x31c) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/24/2009 9:56:34 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1056 (0x420) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/25/2009 11:48:57 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 980 (0x3d4) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/26/2009 9:03:13 AM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1892 (0x764) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/26/2009 10:11:22 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1428 (0x594) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/27/2009 2:59:44 AM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2392 (0x958) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/27/2009 1:13:32 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 704 (0x2c0) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/27/2009 1:18:25 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2212 (0x8a4) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2/27/2009 2:34:32 PM | Computer Name = PAPERMATE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4028 (0xfbc) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\P\Desktop\uoml_setup.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 2/23/2009 8:16:18 PM | Computer Name = PAPERMATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KOPECKI that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{EB416628-E1F0-447C-B. The master browser is stopping or an election
is being forced.

Error - 2/23/2009 9:28:02 PM | Computer Name = PAPERMATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KOPECKI that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{EB416628-E1F0-447C-B. The master browser is stopping or an election
is being forced.

Error - 2/23/2009 10:40:01 PM | Computer Name = PAPERMATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KOPECKI that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{EB416628-E1F0-447C-B. The master browser is stopping or an election
is being forced.

Error - 2/24/2009 2:15:43 PM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/24/2009 9:56:41 PM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/25/2009 11:49:00 PM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/26/2009 9:02:38 AM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 2/26/2009 9:02:38 AM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 2/26/2009 9:03:18 AM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/26/2009 4:15:58 PM | Computer Name = PAPERMATE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.


< End of report >

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-02 23:17:27
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA315044A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA31504E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA31503F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA315040C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA31504F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA3150521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA315058F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA3150579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA315048A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA31505BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA31504CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA31503D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA31503E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA315045E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA31505F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA3150563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA315054D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA315050B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA31505E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA31505CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA3150436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA3150422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA3150537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA31504B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA31505A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA31504A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA3150474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 805021FC 7 Bytes JMP A3150478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056DF7C 5 Bytes JMP A315044E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A70D8 7 Bytes JMP A315048E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A7EEE 5 Bytes JMP A31504A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805AD66C 7 Bytes JMP A3150462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C0DD0 5 Bytes JMP A31503D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C105C 5 Bytes JMP A31503E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C388E 5 Bytes JMP A3150426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C6E8A 7 Bytes JMP A3150410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C6F40 5 Bytes JMP A31503FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C744A 5 Bytes JMP A315043A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8720 5 Bytes JMP A31504BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80617F0E 7 Bytes JMP A3150551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061825C 5 Bytes JMP A31505D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80618514 7 Bytes JMP A315053B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 806187DC 7 Bytes JMP A31505A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80619022 7 Bytes JMP A3150567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061987A 7 Bytes JMP A315050F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80619E54 5 Bytes JMP A31504E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A2E4 7 Bytes JMP A31504F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A4B4 7 Bytes JMP A3150525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061A694 7 Bytes JMP A3150593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061A8FE 7 Bytes JMP A315057D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B1EA 5 Bytes JMP A31504D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8061B50E 7 Bytes JMP A31505FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061BA34 5 Bytes JMP A31505E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061BB4E 5 Bytes JMP A31505BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[488] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[488] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F8C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070FA7
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070081
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070070
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070044
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700AD
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F71
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F14
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F2F
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 000700C8
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0007005F
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 0007009C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00070033
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00070022
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070F40
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BA0082
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BA0F8D
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BA0F9E
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BA0F57
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BA0093
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BA0F2B
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BA0F46
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00BA0F10
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00BA0FDB
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00BA00C4
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B90036
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B90076

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.14 ----

#8 Billy O'Neal

Posted 03 March 2009 - 05:31 PM

Hello, Doomsis
I don't see any malware in your logs. How are things running?

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Doomsis

Posted 05 March 2009 - 11:50 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3911 (20090305)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=388bde2cd2bd4c42b0e6b8b88b11ca97
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-06 04:36:47
# local_time=2009-03-05 11:36:47 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=416437
# found=1
# scan_time=7763
C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000

Hi! It hasn't moved the mouse but it just did it now ; ;. I can't believe it actually found it. The lockdown drag signs were when I play my PC game and then it closes things -.-.

#10 Billy O'Neal

Posted 06 March 2009 - 05:13 PM

Hello, Doomsis
At this point I don't believe we are dealing with a virus/malware issue. Your logs and symptoms don't show any signs of infection at all.

If your mouse is giving you issues, it's likely the problem is the mouse itself. You can get assistance with that issue in the Internal Hardware forum here:
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

Otherwise,

You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
  • Click the "Start Menu" (or Windows Orb)
  • Click "All Programs"
  • Click "Windows Update"
  • On the left, choose "Change Settings"
  • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
  • Press OK and accept the UAC prompt.
    Note: You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click "Check for Updates" in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:44 PM

Posted 08 March 2009 - 03:01 PM

Hello, Doomsis
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)