
Computer infected with Malware


  • This topic is locked
17 replies to this topic

#1 tahoesdad

tahoesdad

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:04 PM

Posted 03 March 2010 - 07:26 PM

I have some malware on my PC that becomes 'visible' when I log into my bank. If I go to my bank's website, I can put in any entry for my userid and password -- the system then brings up a screen asking me for every piece of personal information -- credit card numbers, date of birth, SS#, etc. As soon as I saw this page, I knew I was infected. I 'right clicked' to see the source and saw that it picked up the userid / pw from the previous page as well as all the sensitive information (which I never provided). Also saw an IP address in the source -- I'm assuming that is where all this info would be sent. I configured my firewall to block any outbound traffic to that IP address.

I've tried Malwarebytes, McAfee, Spybot, SpySweeper, etc., booting up in Safe Mode and cleaning, pretty much everything. The symptoms disappear for a while, but come back even without rebooting the machine. I followed the instructions on this site and am posting the DDS file. I tried to run the GMER application on several occasions, but got the 'blue screen' every time.

Would greatly appreciate any help in solving this issue.

Thank you in advance!!

Here's the DDS.txt log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by TJ at 22:24:56.35 on Mon 03/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.611 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom Jones\Desktop\DDS - Processes Running\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/comcast.html
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [Simple Star PhotoShow Media Manager] c:\progra~1\simple~1\photos~1\data\xtras\mssysmgr.exe
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ContentTransferWMDetector.exe] "c:\program files\sony\content transfer\ContentTransferWMDetector.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chess - hxxp://download.games.yahoo.com/games/clients/y/ct2_x.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248219371327
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-2 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 eSpecBny;eSpecBny;c:\windows\system32\drivers\eSpecBny.sys [2002-12-22 12768]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-2 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-8-2 144704]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-2-20 1201640]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-8-2 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-2 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-2 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-2 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-2 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S3 {9967B370-C628-4772-9A0C2B7EF67CE218};{9967B370-C628-4772-9A0C2B7EF67CE218};c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]

=============== Created Last 30 ================

2010-03-02 03:21:20 0 ----a-w- c:\documents and settings\tom jones\defogger_reenable
2010-03-02 01:45:14 0 d-----w- c:\program files\Glary Utilities
2010-02-28 22:44:24 0 d-----w- c:\program files\Trend Micro
2010-02-28 21:27:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-28 21:27:38 0 d-----w- c:\docume~1\tomjon~1\applic~1\SUPERAntiSpyware.com
2010-02-28 21:25:51 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-26 23:34:55 0 d-----w- c:\docume~1\tomjon~1\applic~1\GlarySoft
2010-02-26 23:34:54 0 d-----w- c:\program files\Glary Registry Repair
2010-02-23 00:57:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 00:57:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 00:57:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 17:22:49 77419 ----a-w- c:\windows\hpqins05.dat
2010-02-21 01:47:34 1563008 ----a-w- c:\windows\WRSetup.dll
2010-02-21 01:47:34 0 d-----w- c:\program files\Webroot
2010-02-21 01:47:34 0 d-----w- c:\docume~1\tomjon~1\applic~1\Webroot
2010-02-21 01:47:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-02-21 01:44:55 164 ----a-w- c:\windows\install.dat
2010-02-19 22:31:33 0 d-----w- c:\docume~1\tomjon~1\applic~1\Malwarebytes
2010-02-19 22:31:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-15 22:46:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-15 22:46:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-13 12:07:37 0 d-----w- c:\windows\pss
2010-02-13 11:14:19 0 d-----w- c:\docume~1\tomjon~1\applic~1\McAfee
2010-02-02 23:38:06 0 d-----w- c:\documents and settings\tom jones\Stellarium
2010-02-01 00:57:46 0 d-----w- c:\program files\DeductionPro 2009
2010-02-01 00:51:55 0 d-----w- c:\program files\HRBlock2009

==================== Find3M ====================

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2005-02-21 01:51:43 25184485 ----a-w- c:\program files\NV11ESD.exe
2009-07-22 00:23:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072120090722\index.dat

============= FINISH: 22:27:06.48 ===============

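The DDS log above is what the helper reads first. As an added example (not the forum's or the DDS tool's own code), here is a small Python parser for the two sections an analyst usually starts with, SERVICES / DRIVERS and Created Last 30, run on a constructed sample in the same layout; it returns structured records plus two review lists: services whose name and description are both a bare GUID (the entry itself does not say who installed them) and driver files created in the last 30 days. The sample lines and the helper names are constructed for this example; the review lists are things to look at by hand, not verdicts.

```python
"""Parser for the DDS.txt log layout shown in the post above (constructed sample)."""
import re
from typing import Dict, List

# Constructed sample in the DDS (Ver_09-12-01.01) layout; not the poster's full log.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-2 214664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S3 {9967B370-C628-4772-9A0C2B7EF67CE218};{9967B370-C628-4772-9A0C2B7EF67CE218};c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]

=============== Created Last 30 ================

2010-02-23 00:57:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 01:47:34 1563008 ----a-w- c:\windows\WRSetup.dll
2010-02-21 01:47:34 0 d-----w- c:\program files\Webroot

============= FINISH: 22:27:06.48 ===============
"""

# "=========== NAME ===========" section header
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R0 name;description;path [yyyy-m-d size]"  (path may carry svchost arguments)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
# "yyyy-mm-dd hh:mm:ss size attrs path"  (attrs start with 'd' for directories)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]+)\s+(?P<path>.+)$"
)
# A bare brace-wrapped hex/dash identifier used as a service name
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{30,}\}$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '=== NAME ===' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_services(lines: List[str]) -> List[dict]:
    """Turn 'R0 name;desc;path [date size]' lines into dicts; skip anything else."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            out.append(rec)
    return out


def parse_created(lines: List[str]) -> List[dict]:
    """Turn 'Created Last 30' lines into dicts with timestamp, size, attrs, path."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            out.append(rec)
    return out


def guid_named_services(services: List[dict]) -> List[dict]:
    """Services whose name and description are both a bare GUID; the entry says
    nothing about who installed it, so an analyst resolves it by hand."""
    return [s for s in services
            if GUID_RE.match(s["name"]) and GUID_RE.match(s["desc"])]


def recent_drivers(created: List[dict]) -> List[str]:
    """Paths of .sys files (not directories) that appeared in the last 30 days."""
    return [c["path"] for c in created
            if c["path"].lower().endswith(".sys") and not c["attrs"].startswith("d")]


def triage(text: str) -> dict:
    """Parse a DDS log and return the records plus the two review lists."""
    sections = split_sections(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    created = parse_created(sections.get("Created Last 30", []))
    return {
        "services": services,
        "created": created,
        "guid_services": guid_named_services(services),
        "recent_drivers": recent_drivers(created),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for s in result["guid_services"]:
        print("review service:", s["name"], "->", s["path"])
    for p in result["recent_drivers"]:
        print("recent driver:", p)
```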

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:04 PM

Posted 07 March 2010 - 08:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 tahoesdad

tahoesdad
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:04 PM

Posted 07 March 2010 - 12:10 PM

Bleepin'_temp,

Thanks so much for all your help! My PC was really slow and I did execute some scans yesterday. Launched my PC in Safe Mode and ran a plethora of AV / Spyware programs in sequence. Upon rebooting and launching IE, the symptoms of this malware did not appear (normal function of bank website). However, true to form, it was back within an hour or two. I do not believe that I rebooted between the 'normal' functioning and seeing the 'visible' infection.

Per your directions, I copied the custom scan lines into the OTL tool and ran the scan for all users. I am posting the output from the OTL.txt and Extra.txt files below:

OTL logfile created on: 3/7/2010 11:36:13 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Tom Jones\Desktop\Old Timers
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 46.44 Gb Free Space | 41.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 439.40 Gb Free Space | 94.34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYDESKTOP
Current User Name: Tom Jones
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/07 11:34:23 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Jones\Desktop\Old Timers\OTL.exe
PRC - [2010/02/20 20:48:39 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/25 23:32:20 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/19 14:10:07 | 000,351,264 | ---- | M] (Roxio) -- C:\Program Files\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2010/03/07 11:34:23 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Jones\Desktop\Old Timers\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2010/02/20 20:48:39 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2002/05/03 12:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/04/25 17:09:21 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/25 17:09:21 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/25 09:20:05 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2005/05/11 00:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/06/30 20:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/06/30 20:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/30 20:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/05/03 12:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/05/11 14:53:32 | 000,012,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eSpecBny.sys -- (eSpecBny)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\S-1-5-21-2022739385-2928715528-1252583002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\S-1-5-21-2022739385-2928715528-1252583002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/07/03 13:33:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/21 18:01:25 | 000,000,737 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts:
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe File not found
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2022739385-2928715528-1252583002-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1248219371327 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.games.yahoo.com/games/clients/y/ct2_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (nd) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/23 13:32:00 | 000,000,672 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/28 16:29:30 | 000,000,151 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2002/11/27 20:53:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\System32\L3CODECX.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 11:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Old Timers
[2010/03/06 20:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/06 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/06 20:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Iobit
[2010/03/06 13:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\.bh_gui
[2010/03/06 13:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/03/06 13:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/03/06 13:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\bothunter
[2010/03/06 07:25:38 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/02 22:47:27 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/03/02 07:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/01 22:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\GMER
[2010/03/01 22:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\DDS - Processes Running
[2010/03/01 22:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Defogger
[2010/03/01 20:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/03/01 20:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities
[2010/02/28 19:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\TaskList Home XP
[2010/02/28 17:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/28 17:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\HiJackThis
[2010/02/28 16:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\SUPERAntiSpyware.com
[2010/02/28 16:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/28 14:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Vundofix
[2010/02/28 14:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\ATF Cleaner
[2010/02/28 13:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\MS Malicious Tool
[2010/02/28 07:44:39 | 005,207,047 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Tom Jones\Desktop\McAfee Stinger.exe
[2010/02/26 18:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\GlarySoft
[2010/02/26 18:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010/02/26 18:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\registry cleaner
[2010/02/23 21:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Spybot S&D
[2010/02/22 19:57:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/22 19:57:27 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/22 19:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 19:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Malwarebytes
[2010/02/21 12:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/02/21 09:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\McAfee Krez Remover
[2010/02/21 09:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\McAfee BugBear Remover
[2010/02/20 20:47:34 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/02/20 20:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/02/20 20:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\Webroot
[2010/02/20 20:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/02/19 17:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\Malwarebytes
[2010/02/19 17:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/15 17:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/15 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/13 09:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/13 07:07:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/13 06:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\McAfee
[2010/02/07 15:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/04 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/31 02:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/31 02:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/25 14:42:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/02 15:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2008/06/02 10:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2007/11/26 10:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/12/09 14:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/06/19 22:58:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/21 10:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[231 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Tom Jones\My Documents\*.tmp files -> C:\Documents and Settings\Tom Jones\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 11:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/07 11:23:44 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/07 11:23:31 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/07 11:23:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/07 11:22:41 | 000,026,359 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/07 11:21:41 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/07 11:21:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 11:21:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/07 11:21:11 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 11:20:37 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Tom Jones\NTUSER.DAT
[2010/03/07 11:20:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom Jones\NTUSER.INI
[2010/03/07 11:16:40 | 000,000,728 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/07 11:16:40 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System.ini
[2010/03/07 11:16:40 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/03/07 04:00:15 | 000,001,672 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LAC13A66949B745E08AC070D077272DAF.job
[2010/03/06 20:46:20 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/03/06 13:52:26 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BotHunter.lnk
[2010/03/06 00:53:16 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\mcafee stinger.opt
[2010/03/04 20:29:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 02:23:30 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\Roxio PhotoShow Updater.job
[2010/03/01 22:21:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom Jones\defogger_reenable
[2010/03/01 20:45:28 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities.lnk
[2010/03/01 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/28 17:44:24 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\HijackThis.lnk
[2010/02/28 07:44:50 | 005,207,047 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Tom Jones\Desktop\McAfee Stinger.exe
[2010/02/26 18:34:59 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Registry Repair.lnk
[2010/02/26 18:34:59 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities Freeware.url
[2010/02/23 22:02:28 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Spybot - Search & Destroy.lnk
[2010/02/23 20:52:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100228-004621.backup
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100228-003319.backup
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100224-001640.backup
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/02/21 12:59:46 | 000,094,592 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 12:49:47 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/21 12:42:43 | 000,077,419 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/02/21 12:27:40 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/02/20 20:47:28 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/02/15 19:37:37 | 000,004,210 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/02/08 21:29:55 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[231 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Tom Jones\My Documents\*.tmp files -> C:\Documents and Settings\Tom Jones\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 11:19:55 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/06 20:46:20 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/03/06 13:52:26 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BotHunter.lnk
[2010/03/04 20:29:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 22:21:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom Jones\defogger_reenable
[2010/03/01 20:45:40 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/01 20:45:28 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities.lnk
[2010/02/28 17:44:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\HijackThis.lnk
[2010/02/28 11:25:09 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\mcafee stinger.opt
[2010/02/27 13:15:44 | 1609,637,888 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/26 18:34:59 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Registry Repair.lnk
[2010/02/26 18:34:59 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities Freeware.url
[2010/02/23 22:02:28 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Spybot - Search & Destroy.lnk
[2010/02/21 12:27:40 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/02/21 12:22:49 | 000,077,419 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/20 21:02:38 | 000,001,672 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_LAC13A66949B745E08AC070D077272DAF.job
[2010/02/20 20:44:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/02/20 07:27:35 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/08 21:29:55 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/06/12 14:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\7zip_progress_C802877A-C432-429B-BAC2-5EA1CC7F4912.txt
[2009/06/12 14:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\7zip_progress_B5F0AD4C-8680-4241-A952-03050D80367F.txt
[2009/06/12 14:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\7zip_progress_7C9ED510-8A7F-4ECB-B08F-5794501A7CF1.txt
[2009/06/11 02:04:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/26 17:44:29 | 000,004,210 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/12 22:39:09 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/08/01 20:38:10 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/08/01 20:29:04 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/11 11:35:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/01/25 21:32:48 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/25 21:32:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/06/10 07:52:54 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/02 10:54:41 | 000,003,567 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/04/02 10:54:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/04/02 10:45:12 | 000,017,414 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/27 21:09:03 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Local Settings\Application Data\fusioncache.dat
[2005/02/20 20:51:27 | 025,184,485 | ---- | C] () -- C:\Program Files\NV11ESD.exe
[2004/10/05 18:24:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/11 22:25:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\nshelikg.ini
[2004/04/06 20:11:38 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2004/01/22 14:55:46 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
[2004/01/22 14:55:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
[2004/01/22 14:55:45 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
[2004/01/11 17:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/11/02 09:35:52 | 000,000,455 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2002/12/21 16:02:46 | 000,000,066 | ---- | C] () -- C:\WINDOWS\HPCK2.INI
[2002/12/21 16:02:46 | 000,000,066 | ---- | C] () -- C:\WINDOWS\HPCK.INI
[2002/12/14 14:14:11 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/12/07 21:13:38 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2002/12/07 20:55:20 | 000,003,491 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/06 20:59:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\dm.ini
[2002/11/27 21:36:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/11/27 21:19:36 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/11/27 20:58:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 17:42:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/08/29 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005777_.tmp.dll
[2002/08/29 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005745_.tmp.dll
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wrLZMA.dll
[231 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/24 17:56:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/30 20:34:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/08/24 17:56:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/30 20:34:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/24 17:56:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/30 20:34:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/08/24 17:56:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/30 20:34:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/10/16 18:31:10 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 3/7/2010 11:36:13 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Tom Jones\Desktop\Old Timers
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 46.44 Gb Free Space | 41.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 439.40 Gb Free Space | 94.34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYDESKTOP
Current User Name: Tom Jones
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3089:TCP" = 3089:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3089:TCP" = 3089:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\TEMP\DeviceUpdate\Oj7300_Oj7400_VR5_4001_to_7001\hpzfwu01.exe" = C:\TEMP\DeviceUpdate\Oj7300_Oj7400_VR5_4001_to_7001\hpzfwu01.exe:*:Enabled:Device Update Wizard application -- (Hewlett-Packard Co.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2462F296-EEF5-4690-8C12-CD9ED3DB1B16}" = TaxCut Indiana 2008
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB2511D-A074-40E0-A5ED-A875EBBDDF49}" = BotHunter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AF551C00-1D66-45DB-A3A5-F097F635200E}" = TaxCut Indiana 2007
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E08BA611-5BB8-4AFC-BEE8-468D1AE5FFED}" = H&R Block Indiana 2009
"{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager (Remove Only)
"Celestia_is1" = Celestia 1.5.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"ComcastToolbar" = Comcast Toolbar
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Freeze Clip Art" = Freeze Clip Art
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Glary Utilities_is1" = Glary Utilities 2.20.0.831
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOTLLAMA Media Player" = HOTLLAMA Media Player
"HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2: The Adventure Continues
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"IObit Security 360_is1" = IObit Security 360
"Kid's College CFA" = Kid's College CFA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoShow 5" = PhotoShow 5
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RealPlayer 6.0" = RealPlayer
"Roxio PhotoShow" = Roxio PhotoShow
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SpongeBob Diner Dash" = SpongeBob Diner Dash
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"Stellarium_is1" = Stellarium 0.9.0
"VISPROR" = Microsoft Office Visio Professional 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2022739385-2928715528-1252583002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2010 11:55:57 PM | Computer Name = STUDYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 11:56:01 PM | Computer Name = STUDYDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 3/4/2010 8:51:02 AM | Computer Name = STUDYDESKTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2828 (0xb0c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Tom
Jones\Desktop\McAfee Stinger.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/5/2010 8:08:32 AM | Computer Name = STUDYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2010 10:07:09 AM | Computer Name = STUDYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2010 10:33:19 AM | Computer Name = STUDYDESKTOP | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 11:33:15 AM | Computer Name = STUDYDESKTOP | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 12:33:15 PM | Computer Name = STUDYDESKTOP | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 1:33:16 PM | Computer Name = STUDYDESKTOP | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 2:33:32 PM | Computer Name = STUDYDESKTOP | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 10/23/2009 8:14:39 AM | Computer Name = STUDYDESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/6/2010 2:37:58 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/6/2010 2:37:58 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/6/2010 2:37:58 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/6/2010 2:50:02 PM | Computer Name = STUDYDESKTOP | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without
first being prepared for removal.

Error - 3/6/2010 2:50:02 PM | Computer Name = STUDYDESKTOP | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASENUM\0000 disappeared from the system without
first being prepared for removal.

Error - 3/6/2010 2:50:02 PM | Computer Name = STUDYDESKTOP | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without
first being prepared for removal.

Error - 3/7/2010 12:11:01 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 3/7/2010 12:22:13 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 3/7/2010 12:24:16 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 3/7/2010 12:24:16 PM | Computer Name = STUDYDESKTOP | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053


< End of report >


#4 myrti (Sillyberry, Malware Study Hall Admin)

Posted 07 March 2010 - 02:28 PM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#5 tahoesdad (Topic Starter)

Posted 07 March 2010 - 11:29 PM

Got a successful GMER run, although I did get a 'blue screen' after I saved and reviewed the log file. The contents of the log file are listed below:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 22:57:37
Windows 5.1.2600 Service Pack 3
Running: fh5j038i.exe; Driver: C:\DOCUME~1\TOMJON~1\LOCALS~1\Temp\fwldipod.sys


---- System - GMER 1.0.15 ----

SSDT 8A47C6F0 ZwAllocateVirtualMemory
SSDT 8A46A7C8 ZwCreateKey
SSDT 8A49CBA8 ZwCreateProcess
SSDT 8A4949C8 ZwCreateProcessEx
SSDT 8A4663D0 ZwCreateThread
SSDT 8A46A750 ZwDeleteKey
SSDT 8A42FBD0 ZwDeleteValueKey
SSDT 8A42F4D0 ZwQueueApcThread
SSDT 8A4668B0 ZwReadVirtualMemory
SSDT 8A499080 ZwRenameKey
SSDT 8A467368 ZwSetContextThread
SSDT 8A42F9D8 ZwSetInformationKey
SSDT 8A49D6A0 ZwSetInformationProcess
SSDT 8A4673E0 ZwSetInformationThread
SSDT 8A49FFA8 ZwSetValueKey
SSDT 8A4536C0 ZwSuspendProcess
SSDT 8A42F548 ZwSuspendThread
SSDT 8A453208 ZwTerminateProcess
SSDT 8A466358 ZwTerminateThread
SSDT 8A47C678 ZwWriteVirtualMemory

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB864B788]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB864B8C5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB864B8AF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB864B7C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB864B8F1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB864B80B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB864B710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB864B724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB864B79C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB864B92D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB864B899]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB864B883]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB864B919]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB864B905]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB864B8DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB864B7DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB864B7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP B864B7B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568EE9 5 Bytes JMP B864B80F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A382 7 Bytes JMP B864B887 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP B864B78C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 805732AD 7 Bytes JMP B864B931 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 7 Bytes JMP B864B8C9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805741D0 5 Bytes JMP B864B714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP B864B7A0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP B864B7E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP B864B7CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058B58D 5 Bytes JMP B864B728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058BA5D 5 Bytes JMP B864B8F5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590669 7 Bytes JMP B864B8B3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA6A 7 Bytes JMP B864B8DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E390 7 Bytes JMP B864B89D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ED01 5 Bytes JMP B864B909 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F16A 5 Bytes JMP B864B91D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBA04B340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 023D28B1
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 023D273D
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[264] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 023D282F
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[264] WS2_32.dll!recv 71AB676F 5 Bytes JMP 023D2775
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[264] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 023D27AD
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC006C
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC0F81
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC005B
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC004A
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0014
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC0F55
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0091
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC0F44
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC00D3
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0F29
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC002F
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0F66
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC0FC3
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC00B8
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AB0025
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AB0076
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AB0014
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AB0FB9
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AB0051
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AB0036
.text C:\WINDOWS\system32\svchost.exe[296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0042
.text C:\WINDOWS\system32\svchost.exe[296] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FAD
.text C:\WINDOWS\system32\svchost.exe[296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C000C
.text C:\WINDOWS\system32\svchost.exe[296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C001D
.text C:\WINDOWS\system32\svchost.exe[296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FD2
.text C:\WINDOWS\system32\svchost.exe[296] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[296] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\svchost.exe[296] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[296] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\system32\svchost.exe[296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A90000
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01A90FAD
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01A90098
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01A90FCA
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01A90087
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01A9005B
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01A900C7
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01A90F8B
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01A900F3
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01A90F5A
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01A90F3F
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01A9006C
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A9001B
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01A90F9C
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01A90FE5
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01A90036
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01A900D8
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01A80036
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01A80098
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01A80FEF
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01A8001B
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01A8007D
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01A80000
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01A80062
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01A80051
.text C:\WINDOWS\system32\svchost.exe[340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01A7003D
.text C:\WINDOWS\system32\svchost.exe[340] msvcrt.dll!system 77C293C7 5 Bytes JMP 01A70022
.text C:\WINDOWS\system32\svchost.exe[340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01A70FCD
.text C:\WINDOWS\system32\svchost.exe[340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01A70000
.text C:\WINDOWS\system32\svchost.exe[340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01A70FB2
.text C:\WINDOWS\system32\svchost.exe[340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01A70011
.text C:\WINDOWS\system32\svchost.exe[340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A60FEF
.text C:\WINDOWS\system32\svchost.exe[340] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01A50000
.text C:\WINDOWS\system32\svchost.exe[340] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01A50FE5
.text C:\WINDOWS\system32\svchost.exe[340] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01A5001B
.text C:\WINDOWS\system32\svchost.exe[340] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01A50FCA
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 025D28B1
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 025D273D
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 025D282F
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 025D2775
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 025D27AD
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01FD0FEF
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01FD0069
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01FD0F74
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01FD004E
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01FD003D
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01FD0FC0
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01FD00A1
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01FD0086
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01FD00B2
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01FD0F23
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01FD0F08
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01FD0F9B
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01FD0000
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01FD0F59
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01FD002C
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01FD0011
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01FD0F3E
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01FC0FA8
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01FC0F57
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01FC0FB9
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01FC0FD4
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01FC0F68
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01FC0FE5
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01FC0F83
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1C, 8A] {SBB AL, 0x8a}
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01FC000A
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01FB0064
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 01FB0053
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01FB001D
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01FB0000
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01FB0038
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01FB0FE3
.text C:\WINDOWS\system32\services.exe[780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FA0FEF
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01F90000
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01F90011
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01F90022
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01F90FDB
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F50F5E
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F50F6F
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50047
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50F94
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50025
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F5008B
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F5007A
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F50F0D
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F500A6
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F50EFC
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F50036
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F50FDB
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F50F43
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F50FB9
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F50F28
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F40FB9
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F40F57
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F40F68
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F40F83
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [14, 89] {ADC AL, 0x89}
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F40F9E
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F30FE3
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F3006E
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F30038
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F30053
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F30011
.text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F2000A
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[940] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01BC28B1
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[940] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01BC273D
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[940] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01BC282F
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[940] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01BC2775
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[940] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01BC27AD
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[952] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 028B28B1
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[952] WS2_32.dll!send 71AB4C27 5 Bytes JMP 028B273D
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[952] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 028B282F
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[952] WS2_32.dll!recv 71AB676F 5 Bytes JMP 028B2775
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[952] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 028B27AD
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02850000
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0285005B
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02850F5C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02850036
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02850F79
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0285001B
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02850F24
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0285006C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02850098
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02850087
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02850EE4
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02850F94
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02850FE5
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02850F41
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02850FB9
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02850FCA
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02850F09
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02840FCA
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02840FA8
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02840025
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02840000
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0284005B
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02840FEF
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02840040
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02840FB9
.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02830036
.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!system 77C293C7 5 Bytes JMP 02830FAB
.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02830011
.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02830000
.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02830FBC
.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02830FD7
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02820FEF
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02810000
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0281001B
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02810FE5
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02810040
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01010F97
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01010FA8
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01010076
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01010065
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01010FCA
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01010F4B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01010F66
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01010F18
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01010F29
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01010F07
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01010FB9
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01010014
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0101009D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01010040
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0101002F
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01010F3A
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FC0
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0069
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0058
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0FB7
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0042
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE001D
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FD2
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FC0014
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FC0FDE
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FC002F
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01B128B1
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01B1273D
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01B1282F
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01B12775
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01B127AD
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02470FEF
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02470051
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02470F5C
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02470040
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02470F8D
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02470FA8
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02470F2E
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02470076
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02470EF1
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02470F02
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02470ED6
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02470025
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02470000
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02470F4B
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02470FB9
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02470FCA
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02470F1D
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02460025
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02460F94
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02460FD4
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0246000A
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02460051
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02460FEF
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02460FAF
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [66, 8A]
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02460036
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02450FB7
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 02450FC8
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0245001D
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02450FEF
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02450038
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0245000C
.text C:\WINDOWS\System32\svchost.exe[1180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02440000
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02430000
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0243001B
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02430FE5
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02430036
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F26
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F37
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F5E
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0042
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0EF0
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF006E
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF005D
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0089
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0F83
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F01
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0F94
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0EDF
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0065
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FA1
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FCD
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FBC
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1372] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 025F28B1
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 025F273D
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1372] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 025F282F
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1372] WS2_32.dll!recv 71AB676F 5 Bytes JMP 025F2775
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1372] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 025F27AD
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1480] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 021928B1
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1480] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0219273D
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1480] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0219282F
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1480] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02192775
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1480] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 021927AD
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078008C
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780071
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F97
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780054
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780FB2
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007800BA
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F72
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780F57
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800E6
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0078010B
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780039
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FDE
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0078009D
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FCD
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0078001E
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800D5
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0077001B
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770F8A
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770FCA
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770047
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FE5
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00770FA5
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [97, 88]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A4672A8
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A4672A8
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A4672A8
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A4672A8
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A4672A8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A4672A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F0C0000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F0C0000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F100000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip 8A0761C0

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 8A0761C0

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A0C1878
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A0C1878
Device \Driver\atapi \Device\Ide\IdePort0 8A0C1878
Device \Driver\atapi \Device\Ide\IdePort1 8A0C1878
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A0C1878
Device \Driver\Tcpip \Device\Udp 8A0761C0

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 8A0761C0

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 8A0761C0
Device \FileSystem\Fastfat \Fat B3B9AD20

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\Audio\Audio.CFG 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\Audio\_CutScenes\AkatorHub_Intro.ogg 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\Audio\_Music\1_0_HUB_1Nepal_Qui.ogg 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\Movies\PC\attract.bik 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet Pro 8500 A909a Series@ChangeID 19067875
Reg HKLM\SOFTWARE\Classes\.celx@ celestia_script
Reg HKLM\SOFTWARE\Classes\.clx@ celestia_script
Reg HKLM\SOFTWARE\Classes\.cmo@ VirtoolsComposition
Reg HKLM\SOFTWARE\Classes\.cmo@Content Type application/x-virtools
Reg HKLM\SOFTWARE\Classes\.vmo@ VirtoolsPlayer
Reg HKLM\SOFTWARE\Classes\.vmo@Content Type application/x-virtoolsplayer
Reg HKLM\SOFTWARE\Classes\cel@ URL:cel Protocol
Reg HKLM\SOFTWARE\Classes\cel@URL Protocol
Reg HKLM\SOFTWARE\Classes\cel\Shell
Reg HKLM\SOFTWARE\Classes\cel\Shell@
Reg HKLM\SOFTWARE\Classes\cel\Shell\open
Reg HKLM\SOFTWARE\Classes\cel\Shell\open@
Reg HKLM\SOFTWARE\Classes\cel\Shell\open\Command
Reg HKLM\SOFTWARE\Classes\cel\Shell\open\Command@ "C:\Program Files\Celestia\celestia.exe" --once --dir "C:\Program Files\Celestia" -u "%1"
Reg HKLM\SOFTWARE\Classes\celestia_script@URL Protocol
Reg HKLM\SOFTWARE\Classes\celestia_script\Shell
Reg HKLM\SOFTWARE\Classes\celestia_script\Shell@
Reg HKLM\SOFTWARE\Classes\celestia_script\Shell\open
Reg HKLM\SOFTWARE\Classes\celestia_script\Shell\open@
Reg HKLM\SOFTWARE\Classes\celestia_script\Shell\open\Command
Reg HKLM\SOFTWARE\Classes\celestia_script\Shell\open\Command@ "C:\Program Files\Celestia\celestia.exe" --once --dir "C:\Program Files\Celestia" -u "%1"
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\InprocServer32@InprocServer32 _7fk)--Yp?%(+wEE,ytCImagexCore>sWm93!vv49{`Xxs.W[_'?
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\ProgID@ DAO.PrivateDBEngine.35
Reg HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1@ cpbrkpie Control
Reg HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1\CLSID@ {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Reg HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1\Insertable
Reg HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1\Insertable@
Reg HKLM\SOFTWARE\Classes\CurVer@ MVSVer.McVSVer.1
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller@ SwInstaller Class
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CLSID
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CLSID@ {D21ED08F-6B88-45EC-A71C-6BD453B561D0}
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CurVer
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CurVer@ Download.SwInstaller.1
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller.1@ SwInstaller Class
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller.1\CLSID
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller.1\CLSID@ {D21ED08F-6B88-45EC-A71C-6BD453B561D0}
Reg HKLM\SOFTWARE\Classes\English.cpl\CLSID
Reg HKLM\SOFTWARE\Classes\English.cpl\CLSID@ A77AA239-E2C4-4C0F-9331-8092C848271F
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler@ Google Updater Scheduler class
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CLSID
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CLSID@ {B53B7061-6584-46AA-A033-D610EB10BD9B}
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CurVer
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CurVer@ GUSchedulerCtl.UpdaterScheduler.1
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler.1@ Google Updater Scheduler class
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler.1\CLSID
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler.1\CLSID@ {B53B7061-6584-46AA-A033-D610EB10BD9B}
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater@ Google Silent Updater class
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CLSID
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CLSID@ {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CurVer
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CurVer@ GUServiceCtl.SilentUpdater.1
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1@ Google Silent Updater class
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1\CLSID
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1\CLSID@ {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Reg HKLM\SOFTWARE\Classes\Manifest.Template.1@shellex HtmWSoAwPbapMgQRYrNDSwjhSqelmad
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Stemmer@ Japanese_Default Stemmer Class
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Stemmer\CLSID
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Stemmer\CLSID@ {CA2043A8-64C9-48ed-AB7E-BB5BBF735D2B}
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Stemmer.4@ Japanese_Default Stemmer Class
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Stemmer.4\CLSID
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Stemmer.4\CLSID@ {CA2043A8-64C9-48ed-AB7E-BB5BBF735D2B}
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Wordbreaker@ Japanese_Default Word Breaker Class
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Wordbreaker\CLSID
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Wordbreaker\CLSID@ {BE41F4E6-9EAD-498f-A473-F3CA66F9BE8B}
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Wordbreaker.4@ Japanese_Default Word Breaker Class
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Wordbreaker.4\CLSID
Reg HKLM\SOFTWARE\Classes\NLG.Japanese Wordbreaker.4\CLSID@ {BE41F4E6-9EAD-498f-A473-F3CA66F9BE8B}
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost@ ProtectorHost Class
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CLSID
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CLSID@ {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CurVer
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CurVer@ ProtectorExe.ProtectorHost.1
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1@ ProtectorHost Class
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID
Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID@ {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector@ Protector Class
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CLSID
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CLSID@ {6134CEA9-DD6E-495C-A0D1-4F232027D7D7}
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CurVer
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CurVer@ protector_dll.Protector.1
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1@ Protector Class
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1\CLSID
Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1\CLSID@ {6134CEA9-DD6E-495C-A0D1-4F232027D7D7}
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho@ Google Toolbar Notifier BHO
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID@ {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CurVer
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CurVer@ protector_dll.ProtectorBho.1
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1@ Google Toolbar Notifier BHO
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID
Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID@ {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID@ {1AFCDC7D-C666-485B-8829-416FCFD77E17}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer@ SwBroker.SwHelper.1
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID@ {1AFCDC7D-C666-485B-8829-416FCFD77E17}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer@ SWCtl.SWCtl.10.1.1
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer@ Swdir.SwInstallerCtl.1
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer@ Virtools Player File
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer@EditFlags 0
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer\DefaultIcon@ C:\Program Files\Virtools Web Player 3.0\WebPlayer.ocx,0
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer\Shell
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer\Shell\Open
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VirtoolsPlayer\Shell\Open\Command@ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome %1
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer@ VirtoolsWebPlayer Class
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer\CLSID
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer\CLSID@ {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer\CurVer
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer\CurVer@ VirtoolsWebPlayerDll.VirtoolsWebPlayer.1
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer.1@ Virtools WebPlayer Class
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer.1\CLSID
Reg HKLM\SOFTWARE\Classes\VirtoolsWebPlayerDll.VirtoolsWebPlayer.1\CLSID@ {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
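GMER's hook sections above list every redirected function with the address it now jumps to and, when GMER can map that address to a file on disk, the owning module. The Webroot SSU.EXE hooks carry their owner; the ws2_32 send/recv hooks in the Sony and HP processes and the Explorer IAT redirections to 5F080000/5F0C0000/5F100000 do not. Reading a log this long by eye is error-prone, so the script below, an added example and not GMER code, parses the inline (.text) and IAT lines as GMER 1.0.15 prints them, counts hooks per attributed owner, groups the unattributed ones by target address, and lists processes whose ws2_32 calls are redirected to code with no owner. The sample text is a handful of lines copied from the log above; the two regular expressions assume that exact line layout.

```python
import re
from collections import defaultdict

# Inline hook line as GMER prints it:
#   .text <process>[<pid>] <module>!<function>[ + off] <addr> <n> Bytes JMP <target> [<owner> (<description>)]
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+)(?:\s*\+\s*\d+)?"
    r"\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<owner>\S.*?)\s+\((?P<desc>.*)\))?\s*$", re.I)
# IAT hook line, user form   "IAT <process>[<pid>] @ <image> [<lib>!<function>] <target>"
#                kernel form "IAT <driver>[<lib>!<function>] <target>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)(?:\[(?P<pid>\d+)\]\s+@\s+(?P<at>.+?))?\s*\[(?P<mod>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<owner>\S.*?)\s+\((?P<desc>.*)\))?\s*$", re.I)

# Lines copied from the GMER log in this thread (constructed excerpt, same format).
SAMPLE_GMER = r"""
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3828] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FA27AD
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01D3273D
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01D32775
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5704] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A466838
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[3788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F100000
"""


def parse_gmer_hooks(text):
    """Parse the inline (.text) and IAT hook lines of a GMER log into dicts."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in (("inline", INLINE_RE), ("iat", IAT_RE)):
            m = rx.match(line)
            if m:
                hooks.append({"kind": kind, "proc": m["proc"], "pid": m["pid"],
                              "symbol": f"{m['mod']}!{m['func']}",
                              "target": m["target"].upper(),
                              "owner": m["owner"], "desc": m["desc"]})
                break
    return hooks


def attributed_owners(hooks):
    """Hook count per owning file, for the hooks GMER could map to a module on disk."""
    counts = defaultdict(int)
    for h in hooks:
        if h["owner"]:
            counts[h["owner"]] += 1
    return dict(counts)


def unattributed_targets(hooks):
    """Group hooks that GMER printed without an owning file by target address;
    one injected blob usually shows up as a few nearby targets."""
    by_target = defaultdict(list)
    for h in hooks:
        if not h["owner"]:
            by_target[h["target"]].append((h["proc"], h["symbol"]))
    return dict(by_target)


def hooked_network_processes(hooks):
    """Processes whose ws2_32 calls are redirected to unattributed code. Host
    firewalls and banking trojans both do this, so this is a list to examine."""
    procs = defaultdict(set)
    for h in hooks:
        if h["symbol"].lower().startswith("ws2_32.dll!") and not h["owner"]:
            procs[h["proc"]].add(h["symbol"].split("!", 1)[1])
    return {p: sorted(s) for p, s in procs.items()}


if __name__ == "__main__":
    parsed = parse_gmer_hooks(SAMPLE_GMER)
    print("attributed:", attributed_owners(parsed))
    print("unattributed targets:", unattributed_targets(parsed))
    print("ws2_32 redirected in:", hooked_network_processes(parsed))
```

An unattributed target is a place to look with a debugger (dump the bytes at the address inside that process and see which module, if any, the memory belongs to), not a verdict: McAfee's and Webroot's components inject code too, and nothing in this log says which product or implant owns 00FA27AD, 01D3273D or 5F080000.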


#6 myrti (Malware Study Hall Admin)

Posted 08 March 2010 - 01:05 PM

Hi,

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.



In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 tahoesdad (Topic Starter)

Posted 08 March 2010 - 07:23 PM

Myrti,

Again, thanks for all your help! I ran the program as instructed; while running, saw the message:

C:\Documents and Settings\HelpAssistant removed

Program progressed as described in your first paragraph. Upon restarting, the following log appeared:

C:\Documents and Settings\Tom Jones\Desktop\HelpAsst_mebroot_fix.exe
Mon 03/08/2010 at 18:30:52.37

HelpAssistant account was found to be Active ~ attempting to de-activate

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators
The command completed successfully.

HelpAssistant account successfully set inactive
termsrv32.dll found ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll
HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2022739385-2928715528-1252583002-1005
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove

~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x0DF83CBD
malicious code @ sector 0x0DF83CC0 !
PE file found in sector at 0x0DF83CD6 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF83CBD
malicious code @ sector 0x0DF83CC0 !
PE file found in sector at 0x0DF83CD6 !
user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Mon 03/08/2010 at 19:15:41.96

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships
The command completed successfully.

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF83CBD
malicious code @ sector 0x0DF83CC0 !
PE file found in sector at 0x0DF83CD6 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3089:TCP"=3089:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"3246:TCP"=3246:TCP:*:Enabled:Services


~~ EOF ~~
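The mbr.exe output in the post above reports a copy of the MBR at sector 0x0DF83CBD, code at 0x0DF83CC0 and a PE image at 0x0DF83CD6. That LBA is 234,372,285 decimal, roughly 111.8 GiB into the disk at 512 bytes per sector, so the artifacts sit just past the end of the 111.73 GB C: volume the OTL log later in the thread reports, in unpartitioned space at the tail of the drive. That matches Mebroot/Sinowal's documented layout: the original MBR and the driver body are parked in sectors no file system indexes, so nothing on C: looks changed. The script below is an added example, not code from GMER, mbr.exe or HelpAsst_mebroot_fix: it parses a raw image's MBR and then looks for the three artifact classes the log names (a byte-for-byte copy of the bootstrap code, a sector that starts with an MZ/PE header, and any non-zero sector beyond the last partition). The image it scans is constructed inline to mirror that layout. How mbr.exe decides that a sector holds "malicious code" is not described on the page, so the "non-zero sector past the last partition" test is this example's assumption standing in for it.

```python
import struct

SECTOR = 512
PE_SIG = b"PE\0\0"


def parse_mbr(sec):
    """Split one MBR sector into (bootstrap code, partition list, signature_ok)."""
    if len(sec) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i                       # four 16-byte partition entries
        status, ptype = sec[off], sec[off + 4]
        lba_start, n_sectors = struct.unpack_from("<II", sec, off + 8)
        if ptype:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": n_sectors})
    return sec[:446], partitions, sec[510:512] == b"\x55\xaa"


def sector_has_pe(sec):
    """True if the sector starts with an MZ header whose e_lfanew lands on PE\\0\\0."""
    if not sec.startswith(b"MZ") or len(sec) < 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", sec, 0x3C)[0]
    return sec[e_lfanew:e_lfanew + 4] == PE_SIG


def scan_image(img):
    """Report the artifact classes the mbr.exe log names: sectors holding a copy of
    the MBR, sectors holding a PE header, and non-empty sectors beyond the last
    partition (the unallocated tail a bootkit uses because no file system indexes it)."""
    usable = len(img) - len(img) % SECTOR
    sectors = [img[i:i + SECTOR] for i in range(0, usable, SECTOR)]
    bootstrap, partitions, sig_ok = parse_mbr(sectors[0])
    end = max((p["lba_start"] + p["sectors"] for p in partitions), default=1)
    report = {"mbr_signature_ok": sig_ok, "partitions": partitions, "end_of_partitions": end,
              "mbr_copies": [], "pe_sectors": [], "unallocated_nonzero": []}
    for lba in range(1, len(sectors)):
        s = sectors[lba]
        if s[:446] == bootstrap and s[510:512] == b"\x55\xaa":
            report["mbr_copies"].append(lba)
        if sector_has_pe(s):
            report["pe_sectors"].append(lba)
        if lba >= end and any(s):                # heuristic: code parked past the last partition
            report["unallocated_nonzero"].append(lba)
    return report


def build_sample_image(n_sectors=64):
    """Constructed image, not real disk data: a clean MBR at sector 0 with one NTFS
    partition over sectors 1..40, the MBR parked again at 45, a loader stub at 48
    and a minimal MZ/PE header at 50, echoing the layout the mbr.exe log reports."""
    bootstrap = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 56)[:446]
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 1, 40)
    mbr = bootstrap + entry + bytes(48) + b"\x55\xaa"
    img = bytearray(n_sectors * SECTOR)
    img[0:SECTOR] = mbr
    img[45 * SECTOR:46 * SECTOR] = mbr                                   # parked original MBR
    img[48 * SECTOR:48 * SECTOR + 8] = b"\xe8\x00\x00\x00\x00\x5b\x8b\xc3"  # loader stub
    pe = bytearray(SECTOR)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)                                # e_lfanew
    pe[0x80:0x84] = PE_SIG
    img[50 * SECTOR:51 * SECTOR] = pe
    return bytes(img)


if __name__ == "__main__":
    for key, value in scan_image(build_sample_image()).items():
        print(f"{key}: {value}")
```

To run it against a real disk, read \\.\PhysicalDrive0 as Administrator and pass the bytes to scan_image, but do it from a clean boot medium: the status check above shows "user & kernel MBR OK" while the parked copy and PE image are still on disk, and while the bootkit is live its disk hooks can hand the clean MBR back to anything reading through the infected OS, which is exactly why mbr.exe compares a user-mode and a kernel-mode read. Trailing sectors on a real disk are not always zero (vendor recovery data, remnants of old partitions), so treat the unallocated_nonzero list as places to look, not as a verdict.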


#8 myrti (Malware Study Hall Admin)

Posted 09 March 2010 - 09:58 AM

Hi,

the log looks good! It seems like we got rid of the infection.

How's the PC doing?

regards myrti



#9 tahoesdad (Topic Starter)

Posted 09 March 2010 - 07:50 PM

Myrti,

Thank you so much for your assistance! The PC seems to run faster and, more importantly, I don't get redirected to the bogus website when I do online banking!

Just to double check, I did reboot my PC to see if any of the symptoms returned; everything looks OK!

Thanks again for your help!

tj

#10 myrti (Malware Study Hall Admin)

Posted 09 March 2010 - 08:04 PM

Hi,

please don't leave just yet. There are a couple of things I'd like to check to make sure there is nothing hiding on your PC.

First of all please run the following fix:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP" =-
    "52344:TCP" =-
    "2479:TCP" =-
    "3089:TCP" =-
    "3389:TCP" =-
    "3246:TCP" =-

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65533:TCP" = -
    "52344:TCP" =-
    "2479:TCP" =-
    "3089:TCP" =-
    "3389:TCP" =-
    "3246:TCP" =-
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
regards myrti

Edited by myrti, 09 March 2010 - 08:05 PM.
hit reply too early


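Two findings in the HelpAsst_mebroot_fix status log earlier in the thread are what make this infection a remote-access problem as well as a banking-trojan one: the built-in HelpAssistant account, which Windows XP keeps disabled outside a Remote Assistance session and which is not an administrator on a default install, was active and a member of Administrators; and the firewall's GloballyOpenPorts list held five high TCP ports under the generic name "Services" next to 3389 (Remote Desktop), every one of them Enabled for all scopes (*). The OTL fix above deletes those values from both the Domain and Standard profiles. The script below is an added example, not part of HelpAsst_mebroot_fix or OTL: it parses the two blocks as they appear in the log (the net user fields with their column padding collapsed, and the port:protocol:scope:state:name values of the XP firewall registry format) and returns the findings a triage would list. The allowlist of expected ports and the "generic name or port above 1023" heuristic are this example's assumptions; the first sample is the excerpt from the log above, the second is a constructed post-cleanup excerpt.

```python
import re

# "net user <name>" fields the fix tool echoes (column padding collapsed to spaces).
ACCOUNT_RE = re.compile(r"^(Full Name|Account active|Local Group Memberships)\s*(.*)$")
# XP firewall registry value: "port:proto"=port:proto:scope:state:display name
PORT_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<port>\d+):(?P<proto>TCP|UDP):'
                     r'(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$')

# Assumed baseline for a home workgroup PC: file and printer sharing only.
EXPECTED_PORTS = {(137, "UDP"), (138, "UDP"), (139, "TCP"), (445, "TCP")}

# Excerpt of the HelpAsst_mebroot_fix log posted in this thread.
SAMPLE_BEFORE = r"""
HelpAssistant account was found to be Active ~ attempting to de-activate

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators
The command completed successfully.

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3089:TCP"=3089:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"3246:TCP"=3246:TCP:*:Enabled:Services
"""

# Constructed excerpt of what a clean status check would look like after the OTL fix.
SAMPLE_AFTER = r"""
Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships
The command completed successfully.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"=139:TCP:LocalSubNet:Enabled:File and Printer Sharing
"445:TCP"=445:TCP:LocalSubNet:Enabled:File and Printer Sharing
"""


def parse_status(text):
    """Return ({net user field: value}, [port entries]) from a helpasst-style log."""
    account, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = ACCOUNT_RE.match(line)
        if m:
            account[m.group(1)] = m.group(2).strip()
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m["port"]), "proto": m["proto"], "scope": m["scope"],
                          "enabled": m["state"] == "Enabled", "name": m["name"]})
    return account, ports


def triage(text):
    """List the findings an analyst would raise from the account and port blocks."""
    account, ports = parse_status(text)
    findings = []
    if account.get("Account active") == "Yes":
        findings.append("HelpAssistant is active; XP keeps it disabled outside a "
                        "Remote Assistance session")
    groups = {g.lstrip("*") for g in account.get("Local Group Memberships", "").split()}
    if "Administrators" in groups:
        findings.append("HelpAssistant is in Administrators; it is not an administrator "
                        "on a default install")
    for p in ports:
        if not p["enabled"] or (p["port"], p["proto"]) in EXPECTED_PORTS:
            continue
        if p["port"] == 3389 and p["proto"] == "TCP":
            findings.append(f"3389/TCP (Remote Desktop) open to scope {p['scope']}; "
                            "confirm the owner enabled it")
        elif p["name"] == "Services" or p["port"] > 1023:   # assumed heuristic
            findings.append(f"{p['port']}/{p['proto']} open to scope {p['scope']} "
                            f"under the generic name '{p['name']}'")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label)
        for f in triage(sample):
            print("  -", f)
```

The same parser works on a live box by feeding it the output of net user HelpAssistant and a reg export of the GloballyOpenPorts keys; the point of checking both profiles, as the OTL fix does, is that an entry left in DomainProfile reopens the port the moment the machine joins a domain network.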

#11 tahoesdad (Topic Starter)

Posted 10 March 2010 - 07:13 PM

Myrti,

Here are the results from the first OTL run:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3089:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3089:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Benjamin Jones
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1011 bytes

User: Bradley Jones
->Temp folder emptied: 31232 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 10426 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 2990 bytes

User: Janelle Jones
->Temp folder emptied: 1277274 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 12773878 bytes
->Apple Safari cache emptied: 1203756 bytes
->Flash cache emptied: 230578 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

User: Tom Jones
->Temp folder emptied: 4192473 bytes
->Temporary Internet Files folder emptied: 89805137 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 16015 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1092394 bytes
%systemroot%\System32 .tmp files removed: 56522201 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13351602 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35930 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 172.00 mb


OTL by OldTimer - Version 3.1.36.0 log created on 03102010_180246


Here are the results from the second OTL run:

OTL logfile created on: 3/10/2010 6:39:42 PM - Run 2
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Tom Jones\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 50.10 Gb Free Space | 44.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 439.43 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYDESKTOP
Current User Name: Tom Jones
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom Jones\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\bgsvcgen.exe (B.H.A Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tom Jones\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (bgsvcgen) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe (B.H.A Corporation)
SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Sonic Solutions)
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies)
DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsdrv.sys (B.H.A Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (eSpecBny) -- C:\WINDOWS\SYSTEM32\DRIVERS\eSpecBny.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/07/03 13:33:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/21 18:01:25 | 000,000,737 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts:
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1248219371327 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.games.yahoo.com/games/clients/y/ct2_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (ys) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/23 13:32:00 | 000,000,672 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/28 16:29:30 | 000,000,151 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 18:02:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/10 18:01:08 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Jones\Desktop\OTL.exe
[2010/03/09 15:41:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 18:30:51 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/03/07 11:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Old Timers
[2010/03/06 20:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/06 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/06 20:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Iobit
[2010/03/06 13:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\.bh_gui
[2010/03/06 13:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/03/06 13:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/03/02 22:47:27 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/03/02 07:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/01 22:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\DDS - Processes Running
[2010/03/01 20:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/03/01 20:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities
[2010/02/28 19:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\TaskList Home XP
[2010/02/28 17:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/28 17:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\HiJackThis
[2010/02/28 16:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\SUPERAntiSpyware.com
[2010/02/26 18:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\GlarySoft
[2010/02/26 18:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010/02/26 18:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\registry cleaner
[2010/02/23 21:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Spybot S&D
[2010/02/22 19:57:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/22 19:57:27 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/22 19:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 19:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Desktop\Malwarebytes
[2010/02/21 12:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/02/20 20:47:34 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/02/20 20:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/02/20 20:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\Webroot
[2010/02/20 20:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/02/19 17:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\Malwarebytes
[2010/02/19 17:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/15 17:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/15 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/13 09:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/13 07:07:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/13 06:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Jones\Application Data\McAfee
[2010/02/07 15:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/04 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/31 02:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/31 02:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/25 14:42:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/02 15:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2008/06/02 10:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2007/11/26 10:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/12/09 14:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/06/19 22:58:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/21 10:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[1 C:\Documents and Settings\Tom Jones\My Documents\*.tmp files -> C:\Documents and Settings\Tom Jones\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 18:35:53 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Tom Jones\NTUSER.DAT
[2010/03/10 18:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/10 18:13:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/10 18:13:31 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/10 18:12:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/10 18:11:20 | 000,026,359 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/10 18:10:32 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/10 18:10:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/10 18:10:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/10 18:10:04 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/10 18:09:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom Jones\NTUSER.INI
[2010/03/10 18:01:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Jones\Desktop\OTL.exe
[2010/03/10 04:00:15 | 000,001,672 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LAC13A66949B745E08AC070D077272DAF.job
[2010/03/09 19:41:46 | 000,000,728 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/09 19:41:46 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/03/09 19:41:45 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System.ini
[2010/03/09 02:17:25 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\Roxio PhotoShow Updater.job
[2010/03/08 18:16:45 | 000,487,672 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/07 16:36:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\fh5j038i.exe
[2010/03/06 20:46:20 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/03/06 00:53:16 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\mcafee stinger.opt
[2010/03/04 20:29:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 22:21:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom Jones\defogger_reenable
[2010/03/01 20:45:28 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities.lnk
[2010/03/01 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/28 17:44:24 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\HijackThis.lnk
[2010/02/26 18:34:59 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Registry Repair.lnk
[2010/02/26 18:34:59 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities Freeware.url
[2010/02/25 19:50:58 | 000,077,312 | ---- | M] () -- C:\WINDOWS\mbr.exe
[2010/02/23 22:02:28 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Desktop\Spybot - Search & Destroy.lnk
[2010/02/23 20:52:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100228-004621.backup
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100228-003319.backup
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100224-001640.backup
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/02/21 12:59:46 | 000,094,592 | ---- | M] () -- C:\Documents and Settings\Tom Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 12:49:47 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/21 12:42:43 | 000,077,419 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/02/21 12:27:40 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/02/20 20:47:28 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/02/15 19:37:37 | 000,004,210 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/02/08 21:29:55 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[1 C:\Documents and Settings\Tom Jones\My Documents\*.tmp files -> C:\Documents and Settings\Tom Jones\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 18:30:51 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/08 18:30:50 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/03/08 18:16:44 | 000,487,672 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/07 16:36:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\fh5j038i.exe
[2010/03/06 20:46:20 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/03/04 20:29:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 22:21:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom Jones\defogger_reenable
[2010/03/01 20:45:40 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/01 20:45:28 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities.lnk
[2010/02/28 17:44:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\HijackThis.lnk
[2010/02/28 11:25:09 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\mcafee stinger.opt
[2010/02/27 13:15:44 | 1609,637,888 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/26 18:34:59 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Registry Repair.lnk
[2010/02/26 18:34:59 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Glary Utilities Freeware.url
[2010/02/23 22:02:28 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\Spybot - Search & Destroy.lnk
[2010/02/21 12:27:40 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/02/21 12:22:49 | 000,077,419 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/20 21:02:38 | 000,001,672 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_LAC13A66949B745E08AC070D077272DAF.job
[2010/02/20 20:44:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/02/20 07:27:35 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/08 21:29:55 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/06/12 14:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\7zip_progress_C802877A-C432-429B-BAC2-5EA1CC7F4912.txt
[2009/06/12 14:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\7zip_progress_B5F0AD4C-8680-4241-A952-03050D80367F.txt
[2009/06/12 14:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\7zip_progress_7C9ED510-8A7F-4ECB-B08F-5794501A7CF1.txt
[2009/06/11 02:04:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/26 17:44:29 | 000,004,210 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/12 22:39:09 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/08/01 20:38:10 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/08/01 20:29:04 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/11 11:35:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/01/25 21:32:48 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/25 21:32:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/06/10 07:52:54 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/02 10:54:41 | 000,003,567 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/04/02 10:54:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/04/02 10:45:12 | 000,017,414 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/27 21:09:03 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Local Settings\Application Data\fusioncache.dat
[2005/02/20 20:51:27 | 025,184,485 | ---- | C] () -- C:\Program Files\NV11ESD.exe
[2004/10/05 18:24:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/11 22:25:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\nshelikg.ini
[2004/04/06 20:11:38 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2004/01/22 14:55:46 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
[2004/01/22 14:55:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
[2004/01/22 14:55:45 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
[2004/01/11 17:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/11/02 09:35:52 | 000,000,455 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2002/12/21 16:02:46 | 000,000,066 | ---- | C] () -- C:\WINDOWS\HPCK2.INI
[2002/12/21 16:02:46 | 000,000,066 | ---- | C] () -- C:\WINDOWS\HPCK.INI
[2002/12/14 14:14:11 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/12/07 21:13:38 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2002/12/07 20:55:20 | 000,003,491 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/06 20:59:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Application Data\dm.ini
[2002/11/27 21:36:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/11/27 21:19:36 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/11/27 20:58:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 17:42:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/08/29 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005777_.tmp.dll
[2002/08/29 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005745_.tmp.dll
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
< End of report >


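The OTL listing above is the kind of output a helper reads by eye: creation and modification times, size, attribute flags, the company name from the file's version info, and the path. The script below is an added example written for this thread; it is not part of OTL and not something anyone in the thread posted. It parses OTL file/folder entries and applies three assumed triage heuristics (no-company executables under C:\WINDOWS inside the 30-day window, random-looking .exe names, and a recently changed HOSTS file). The sample lines are copied from the log above. Treat the output as a reading list, not a verdict: sed.exe and mbr.exe were created in the same second as swreg.exe (SteelWerX), which points to a removal tool dropping its helpers, and a random eight-character .exe on the desktop is often a diagnostic tool that was deliberately renamed (GMER's download name is randomized), so confirm with the user before treating either as hostile.

```python
"""Parse OTL 'Files/Folders' entries and apply simple triage heuristics.

Added example for this thread; it is not part of OTL or of the original post.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

# One OTL file/folder entry:
#   [2010/03/08 18:30:51 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
#   [2010/03/10 18:02:46 | 000,000,000 | ---D | C] -- C:\_OTL
# fields: timestamp | size | attribute flags (R/H/S/D) | C(reated) or M(odified) ]
# then an optional (company name from version info) and the path after " -- ".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str      # e.g. "---D" for a directory, "-HS-" for hidden+system
    kind: str       # "C" from the created-within-window list, "M" from the modified list
    company: str    # "" when OTL found no company name in the file's version info
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Parse every OTL entry in text; lines that are not entries are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def looks_random(name: str) -> bool:
    """True for names like fh5j038i.exe: 6-12 alphanumerics mixing >=2 letters and >=2 digits."""
    stem, _, ext = name.rpartition(".")
    if ext != "exe" or not stem.isalnum() or not 6 <= len(stem) <= 12:
        return False
    return sum(c.isalpha() for c in stem) >= 2 and sum(c.isdigit() for c in stem) >= 2


def triage(entries: List[Entry], log_date: Optional[datetime] = None,
           days: int = 30) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a second look. Heuristics, not verdicts."""
    if not entries:
        return []
    if log_date is None:
        log_date = max(e.ts for e in entries)   # newest entry stands in for "log time"
    cutoff = log_date - timedelta(days=days)
    hits: List[Tuple[str, str]] = []
    for e in entries:
        if e.ts < cutoff or "D" in e.attrs:
            continue                              # too old, or a directory
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        reason = None
        if name.endswith((".exe", ".dll", ".sys")) and not e.company \
                and low.startswith("c:\\windows\\"):
            reason = "executable with no company name in a system directory"
        elif looks_random(name):
            reason = "random-looking executable name (often a renamed scanner such as GMER)"
        elif name == "hosts":
            reason = "HOSTS file changed within the window; diff it against the stock file"
        if reason and (e.path, reason) not in hits:
            hits.append((e.path, reason))
    return hits


# Lines copied verbatim from the OTL log posted above (not constructed).
SAMPLE_LOG = r"""
[2010/03/10 18:01:08 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Jones\Desktop\OTL.exe
[2010/03/08 18:30:51 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/03/08 18:30:51 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/08 18:30:50 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/03/07 16:36:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tom Jones\Desktop\fh5j038i.exe
[2010/03/10 18:02:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/21 18:01:25 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/03/10 18:10:04 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    for path, why in triage(parse_entries(SAMPLE_LOG)):
        print(f"{path}\n    {why}")
```

Run against the sample it reports sed.exe, mbr.exe, fh5j038i.exe and HOSTS, and stays quiet about wrLZMA.dll (outside the window), hiberfil.sys (not under C:\WINDOWS) and the tool binaries that carry a company name. The window is taken from the newest entry rather than from the wall clock, so the same log gives the same answer whenever it is re-read.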

#12 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 11 March 2010 - 04:15 AM

Hi,

this is looking pretty good. How is your PC doing? Please run a scan with Eset next:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 tahoesdad

  • Topic Starter

  • Members
  • 16 posts

Posted 11 March 2010 - 05:48 PM

Myrti,

I ran ESET -- ran a little over 4 hours. The run ended and the application displayed "No Threats Found". It did not provide an option of clicking on 'list of threats found' so I have no .txt file to post.

Is there anything else you would like me to check?

tj

#14 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 11 March 2010 - 06:03 PM

Hi,

yes, before getting to the final step I'd like you to update your programs:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Let me know if you run into any trouble with that.

regards myrti



#15 tahoesdad

  • Topic Starter

  • Members
  • 16 posts

Posted 11 March 2010 - 08:40 PM

Myrti,

I updated the Java and Adobe applications and 'clicked off' some of the toolbar options. Everything seems to be working well.

Thanks,

tj



