Hi Elise, and thanks for your help.
I was able to run gmer this time fully without crashing. It examined all files on the system. Here are the logs:
OTL:
OTL logfile created on: 3/28/2010 6:58:42 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Connie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 123.47 Gb Free Space | 82.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.74 Gb Free Space | 93.19% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CBC
Current User Name: Connie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/03/28 15:16:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
PRC - [2009/12/18 11:03:12 | 000,472,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2009/12/18 11:01:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/10/01 17:27:29 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 17:27:19 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/16 17:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/07/27 17:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/05/08 17:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/24 09:31:28 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/08 08:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/08/15 15:04:47 | 000,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 15:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/02/28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/02/26 14:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
PRC - [2008/02/26 08:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/22 02:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2006/09/25 07:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
========== Modules (SafeList) ==========
MOD - [2010/03/28 15:16:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/12/18 11:01:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2009/10/01 17:27:29 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/05/08 17:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2008/08/15 15:04:47 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812)
SRV - [2008/02/28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/10/18 11:51:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ==========
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/10/01 17:27:21 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/09 15:23:02 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/10/17 18:35:48 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/02 11:52:54 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/01/31 12:23:42 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/01/31 12:20:36 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/03 09:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/19 23:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/19 23:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/08/27 18:51:18 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/16 08:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2004/08/04 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/13 19:57:02 | 000,090,357 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1110Vid.sys -- (P1110VID)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080815
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll (IBM Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPPQVideo] C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\IBM\Lotus Forms\Viewer\3.0\masqform.exe (IBM Corporation)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://community.weightwatchers.com/Script...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.705.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Connie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Connie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0670131e-b073-11dd-963f-00219b03bf5d}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{b7cba438-cfc2-11de-969a-00219b03bf5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b7cba438-cfc2-11de-969a-00219b03bf5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7cba438-cfc2-11de-969a-00219b03bf5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f311732d-f4ae-11de-96a1-00219b03bf5d}\Shell - "" = AutoRun
O33 - MountPoints2\{f311732d-f4ae-11de-96a1-00219b03bf5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f311732d-f4ae-11de-96a1-00219b03bf5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/28 18:58:09 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
[2010/03/23 11:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Desktop\gmer
[2010/03/23 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Application Data\Malwarebytes
[2010/03/23 10:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/23 10:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/23 10:34:43 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Connie\Desktop\mbam-setup.exe
[2010/03/22 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/03/22 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/03/22 19:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/22 19:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/22 19:35:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/21 23:14:18 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/21 20:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Application Data\Office Genuine Advantage
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/03/21 19:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/03/21 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/03/21 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/19 11:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Local Settings\Application Data\Temp
[2010/03/19 11:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/19 08:10:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Connie\Recent
[2010/03/19 07:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/15 19:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\My Documents\Downloads
[2010/03/15 19:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/03/15 19:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/02/26 22:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Saved Games
[2010/02/26 22:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Application Data\Flood Light Games
[2010/02/26 22:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/01/20 08:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/14 20:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/09/08 08:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/08/16 12:51:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/11 10:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/01/21 13:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2009/01/11 22:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/19 19:26:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/08/29 03:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/28 15:16:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
[2010/03/27 22:29:05 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/03/27 21:48:34 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\Excel.lnk
[2010/03/27 20:26:26 | 000,016,476 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/27 19:28:08 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\Microsoft Office Outlook 2007.lnk
[2010/03/27 19:20:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/27 19:18:08 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/27 19:18:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/27 19:18:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/27 19:18:01 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 19:17:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Connie\ntuser.ini
[2010/03/27 19:17:09 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Connie\ntuser.dat
[2010/03/27 19:16:31 | 000,012,329 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\fishville Compete.xlsx
[2010/03/27 17:33:51 | 000,026,090 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Santos 35A_Inspection.xfdl
[2010/03/27 17:27:58 | 000,012,035 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Santos TitleContingency.xfdl
[2010/03/27 17:27:12 | 000,014,750 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Santos Utilities.xfdl
[2010/03/27 17:26:51 | 000,024,894 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Santos lead.xfdl
[2010/03/27 17:26:05 | 000,020,627 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\santos fin.xfdl
[2010/03/27 17:24:16 | 000,059,309 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Santos.xfdl
[2010/03/27 08:28:13 | 000,000,587 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/27 08:28:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/27 08:28:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/26 20:48:06 | 000,017,927 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Fishville Chart-XP Level One.xlsx
[2010/03/25 17:50:20 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Connie\My Documents\~$fishville Compete.xlsx
[2010/03/23 11:30:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\gmer.zip
[2010/03/23 11:24:51 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\dds.scr
[2010/03/23 11:23:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Connie\defogger_reenable
[2010/03/23 11:22:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\Defogger.exe
[2010/03/23 10:34:47 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Connie\Desktop\mbam-setup.exe
[2010/03/22 21:51:39 | 000,025,883 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Santos Inspect.xfdl
[2010/03/22 21:46:42 | 000,058,847 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\santos p&S.xfdl
[2010/03/22 20:37:47 | 000,366,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/22 20:36:33 | 000,556,758 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/22 20:36:33 | 000,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/22 20:36:33 | 000,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/22 08:02:53 | 000,018,928 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\fishville level timing.xlsx
[2010/03/22 07:34:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/19 08:10:25 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\CCleaner.lnk
[2010/03/15 19:58:41 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\DivX Movies.lnk
[2010/03/12 21:44:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2010/03/10 21:34:44 | 021,827,584 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Brown Flyer.pub
[2010/03/10 18:36:16 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\Microsoft Office Publisher 2003 (2).lnk
[2010/02/28 20:23:26 | 000,010,666 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\1096 template.docx
[2010/02/28 19:53:13 | 000,010,411 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\W3 template.docx
[2010/02/28 19:39:06 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\Word.lnk
[2010/02/28 19:31:29 | 000,010,585 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\W2 Template.docx
[2010/02/27 10:15:13 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Keep eyes on God.pub
[2010/02/26 22:03:07 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\MSN Games.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/27 19:28:16 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/03/27 17:33:51 | 000,026,090 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Santos 35A_Inspection.xfdl
[2010/03/27 17:27:58 | 000,012,035 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Santos TitleContingency.xfdl
[2010/03/27 17:27:12 | 000,014,750 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Santos Utilities.xfdl
[2010/03/25 17:50:20 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\Connie\My Documents\~$fishville Compete.xlsx
[2010/03/23 11:30:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\gmer.zip
[2010/03/23 11:24:45 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\dds.scr
[2010/03/23 11:23:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Connie\defogger_reenable
[2010/03/23 11:22:55 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\Defogger.exe
[2010/03/22 21:51:39 | 000,025,883 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Santos Inspect.xfdl
[2010/03/22 21:50:55 | 000,024,894 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Santos lead.xfdl
[2010/03/22 21:48:58 | 000,020,627 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\santos fin.xfdl
[2010/03/22 21:46:42 | 000,058,847 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\santos p&S.xfdl
[2010/03/22 21:42:16 | 000,059,309 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Santos.xfdl
[2010/03/22 07:34:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/21 19:16:45 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/15 19:58:41 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\DivX Movies.lnk
[2010/03/14 20:25:06 | 000,012,329 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\fishville Compete.xlsx
[2010/03/12 21:44:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2010/03/09 22:20:25 | 021,827,584 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Brown Flyer.pub
[2010/02/28 20:23:26 | 000,010,666 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\1096 template.docx
[2010/02/28 19:46:44 | 000,010,411 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\W3 template.docx
[2010/02/28 19:23:07 | 000,010,585 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\W2 Template.docx
[2010/02/27 10:08:05 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Keep eyes on God.pub
[2010/01/08 15:57:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/17 10:53:21 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/01/20 20:11:17 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/12/10 11:06:08 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/10/16 19:19:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\sview.ini
[2008/09/14 06:58:23 | 000,734,764 | ---- | C] () -- C:\Documents and Settings\Connie\Application Data\datasafeupdate.msi
[2008/08/30 11:44:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/29 20:03:57 | 000,005,598 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/27 20:18:46 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agi1600.dll
[2008/08/27 20:18:45 | 001,777,664 | R--- | C] () -- C:\WINDOWS\System32\zhp1600r.dll
[2008/08/27 20:18:44 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP1600.dll
[2008/08/27 07:35:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/26 19:52:31 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Connie\Local Settings\Application Data\fusioncache.dat
[2008/08/15 15:10:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/15 14:40:12 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/28 15:30:08 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/10/18 18:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69B9AAE7
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3FFFBA9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BC1C318
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40546375
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D7FCCD3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5BB3657
< End of report >
Here is the extras log:
OTL Extras logfile created on: 3/28/2010 6:58:42 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Connie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 123.47 Gb Free Space | 82.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.74 Gb Free Space | 93.19% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CBC
Current User Name: Connie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1C5D5D15-CABD-4C5A-A80E-B5C4CA6FE90A}" = hppTLBXFXCP1510
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42756145-9997-4D28-809B-8756BFD00107}" = Microsoft Digital Image Pro 10
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50CE6FB8-23DF-42B1-98CE-AA17A0905C7A}" = Learning QuickBooks 2009
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51592ABE-532F-4E96-8AE3-97A5AA0FB5D2}" = Desktop Notifier
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5E894531-91FB-4B76-AA0F-49E0E1F357D6}" = hppPQVideoCP1510
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64FD4D83-085A-49D0-905A-F06057B73DA3}" = hppCLJCP1510
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7ADCEEA0-AC82-4360-AD6B-CCF01B66F9DB}" = hppusgCP1510
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115650950}" = Top Chef
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{9203AC41-0E7B-445A-98E6-AB3072CB4A10}" = HPCarePackProducts
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73B}" = IBM Lotus Forms Viewer 3.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B932A416-28A7-4D08-89A6-7A0464DAD37D}" = hpzTLBXFX
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C239BCD7-882A-478F-A5CF-DDEB074A4291}" = eBook Library by Sony
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED5BDA06-0D68-4B4C-93FE-50BE94ADA6E9}" = hppManualsCP1510
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"AAA Logo 2009 Free Trial_is1" = AAA Logo 2009 Home Edition 3.0 Free Trial
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"BASICR" = Microsoft Office Basic 2007
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative PC-CAM Center" = Creative PC-CAM Center Lite
"Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX User's Guide English" = Creative WebCam NX User's Guide (English)
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"EFileMagic" = E-File Magic - 2009
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HijackThis" = HijackThis 1.99.1
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HP-Color LaserJet 1600" = Color LaserJet 1600
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Learning QuickBooks 2009" = Learning QuickBooks 2009
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"MVS" = McAfee Virus and Spyware Protection Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_PI2_v10" = Microsoft Digital Image Pro 10
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"Time Stamp_is1" = Time Stamp
"W2 Mate (2009)_is1" = W2 Mate (2009) 6.0.35
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2803712148-4218544504-2834424877-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Media Player" = Move Media Player
"SmartDraw 2009" = SmartDraw 2009
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/26/2010 9:50:46 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/26/2010 9:51:15 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/26/2010 9:51:40 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/26/2010 10:25:30 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/26/2010 10:25:30 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/26/2010 10:25:30 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/26/2010 10:25:43 PM | Computer Name = CBC | Source = QuickBooks | ID = 4
Description =
Error - 3/27/2010 11:27:51 AM | Computer Name = CBC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 hptlbxfx.exe, P2 3.13.279.0, P3 46d446dd, P4
hpapptools, P5 3.13.279.0, P6 46d446ae, P7 13d, P8 f, P9 system.nullreferenceexception,
P10 NIL.
Error - 3/27/2010 10:26:15 PM | Computer Name = CBC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 hptlbxfx.exe, P2 3.13.279.0, P3 46d446dd, P4
hpapptools, P5 3.13.279.0, P6 46d446ae, P7 13d, P8 f, P9 system.nullreferenceexception,
P10 NIL.
Error - 3/27/2010 10:31:02 PM | Computer Name = CBC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
[ OSession Events ]
Error - 9/2/2008 11:38:37 PM | Computer Name = D85H45H1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 134729
seconds with 3180 seconds of active time. This session ended with a crash.
Error - 11/30/2008 11:22:20 AM | Computer Name = CBC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 396145
seconds with 5940 seconds of active time. This session ended with a crash.
Error - 12/15/2008 10:58:18 PM | Computer Name = CBC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 122136
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 2/28/2009 3:37:14 PM | Computer Name = CBC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 270130
seconds with 9060 seconds of active time. This session ended with a crash.
Error - 3/23/2009 11:53:33 AM | Computer Name = CBC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 296905
seconds with 4200 seconds of active time. This session ended with a crash.
Error - 4/27/2009 9:47:11 AM | Computer Name = CBC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 122918
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 9/4/2009 11:44:56 AM | Computer Name = CBC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1597
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/23/2010 2:40:33 PM | Computer Name = CBC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 3/23/2010 2:40:37 PM | Computer Name = CBC | Source = Service Control Manager | ID = 7034
Description = The McAfee Virus and Spyware Protection Service service terminated
unexpectedly. It has done this 1 time(s).
Error - 3/23/2010 3:30:10 PM | Computer Name = CBC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/23/2010 3:53:21 PM | Computer Name = CBC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/23/2010 4:34:00 PM | Computer Name = CBC | Source = DCOM | ID = 10010
Description = The server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} did not register
with DCOM within the required timeout.
Error - 3/23/2010 7:26:25 PM | Computer Name = CBC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/25/2010 10:16:31 AM | Computer Name = CBC | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{BE745E1D-25BE-4BC7-8280-2A2CE352C1B8}. The
backup browser is stopping.
Error - 3/27/2010 11:09:23 AM | Computer Name = CBC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.2 on
the Network Card with network address 00219B03BF5D.
Error - 3/27/2010 11:14:37 AM | Computer Name = CBC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/27/2010 10:20:21 PM | Computer Name = CBC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
< End of report >
Here is the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-28 20:46:59
Windows 5.1.2600 Service Pack 3
Running: d96xwglg.exe; Driver: C:\DOCUME~1\Connie\LOCALS~1\Temp\pxtdqpow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB0B6C78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0B6C738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB0B6C74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB0B6C7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0B6C710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0B6C724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB0B6C79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB0B6C776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB0B6C762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB0B6C7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB0B6C7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB0B6C7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP B0B6C7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B0B6C78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP B0B6C7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP B0B6C7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP B0B6C7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP B0B6C714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP B0B6C728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP B0B6C766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B0B6C750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP B0B6C73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP B0B6C77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP B0B6C7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xB9F21780]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013F000A
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013F0F86
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013F0FA1
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013F0FB2
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013F006F
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013F0FD4
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013F00C4
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013F00A7
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013F00DF
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013F0F46
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013F00FA
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013F0FC3
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013F0025
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013F0096
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 013F0036
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 013F0FE5
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013F0F61
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 013E0047
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 013E0087
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 013E0036
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 013E001B
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 013E006C
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 013E0000
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 013E0FCA
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5E, 89]
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 013E0FDB
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FBC
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\services.exe[780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E4008E
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40073
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40062
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40051
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40036
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F63
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E400B5
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F41
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E400D0
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E400EB
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40FAF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40F7E
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40025
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40F52
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30079
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E30014
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30054
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E30FB2
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [03, 89]
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C60040
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C60FB5
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C60FD7
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C60FC6
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C60011
.text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026D000A
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026D0F6D
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026D0F7E
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026D0058
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026D0FA5
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026D0036
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026D0F41
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026D0F52
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026D0F15
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026D0F26
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026D00D3
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026D0047
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026D0FEF
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026D007D
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026D0FCA
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026D001B
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026D00A4
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 026C0FE5
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 026C006C
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 026C0036
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 026C0025
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 026C0FAF
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 026C000A
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 026C0051
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 026C0FCA
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026B0042
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!system 77C293C7 5 Bytes JMP 026B0031
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026B0FD2
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026B0000
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026B0FC1
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026B0FE3
.text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026A0FEF
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012A0000
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012A0F9E
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012A0093
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012A006C
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012A0051
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012A002C
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012A0F83
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012A00CB
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012A00F0
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012A0F57
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012A0F32
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012A0FAF
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012A0011
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012A00AE
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012A0FC0
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012A0FD1
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012A0F72
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01290FCA
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0129005B
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01290FDB
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01290011
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01290F9E
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01290000
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01290FAF
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 89]
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01290036
.text C:\WINDOWS\system32\svchost.exe[1056] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FAD
.text C:\WINDOWS\system32\svchost.exe[1056] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0038
.text C:\WINDOWS\system32\svchost.exe[1056] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\svchost.exe[1056] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\svchost.exe[1056] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FBE
.text C:\WINDOWS\system32\svchost.exe[1056] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF001D
.text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026E0FEF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026E0067
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026E0F72
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026E0F83
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026E0040
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026E0FAF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026E0078
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026E0F30
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026E0F0B
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026E009A
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026E00BF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026E0F9E
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026E0FD4
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026E0F4D
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026E0025
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026E000A
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026E0089
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 026D002F
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 026D0080
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 026D001E
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 026D0FDE
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 026D0FB9
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 026D0FEF
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 026D005B
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 026D004A
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026B0F90
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!system 77C293C7 5 Bytes JMP 026B0FAB
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026B001B
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026B0000
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026B0FBC
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026B0FD7
.text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026A000A
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 02690000
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 02690FE5
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 02690FCA
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 0269001B
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900F7C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900F8D
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0090005B
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900F44
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900F61
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009000C9
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009000B8
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009000E4
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900F9E
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0090008C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900FCA
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009000A7
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008F001B
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008F0051
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008F000A
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008F0F94
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008F0FAF
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AF, 88]
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008F0036
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E0FC8
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E0053
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0038
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E000C
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0FE3
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E001D
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00078
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B0005B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00F9E
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B0002F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00F4D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B00F5E
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B00F2B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B000BA
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B000DF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B00040
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B00089
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B00FB9
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B00F3C
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AF002C
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AF004E
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AF001B
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AF0FE5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AF0F91
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AF003D
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AF0FC0
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0FAB
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE0036
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE001B
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE0FC6
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0FD7
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F5F
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F7A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0F97
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE008A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0079
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE00AC
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0F13
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE00BD
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0F4E
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0036
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE009B
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FDE
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30076
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30025
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30014
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30065
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A30FC3
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 88]
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30040
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A2006E
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20053
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A2002E
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FD9
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A2001D
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00A00FC0
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012E0000
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012E0F70
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012E006F
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012E0054
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012E0F97
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012E002F
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012E00B8
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012E009D
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012E00C9
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012E0F3A
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012E00EE
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012E0FB2
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012E0FE5
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012E0080
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012E0FC3
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012E0FD4
.text C:\WINDOWS\Explorer.EXE[1944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012E0F4B
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012D0FE5
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012D0080
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012D0036
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012D0011
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012D0FB9
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012D0000
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012D0FCA
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4D, 89]
.text C:\WINDOWS\Explorer.EXE[1944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012D0051
.text C:\WINDOWS\Explorer.EXE[1944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012C0FE3
.text C:\WINDOWS\Explorer.EXE[1944] msvcrt.dll!system 77C293C7 5 Bytes JMP 012C006E
.text C:\WINDOWS\Explorer.EXE[1944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012C002E
.text C:\WINDOWS\Explorer.EXE[1944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012C0000
.text C:\WINDOWS\Explorer.EXE[1944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012C0053
.text C:\WINDOWS\Explorer.EXE[1944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012C001D
.text C:\WINDOWS\Explorer.EXE[1944] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\Explorer.EXE[1944] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00DE000A
.text C:\WINDOWS\Explorer.EXE[1944] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00DE0FD4
.text C:\WINDOWS\Explorer.EXE[1944] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00DE0025
.text C:\WINDOWS\Explorer.EXE[1944] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00E30000
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F66
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A005B
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A009D
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00E4
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00BF
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F30
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0076
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00AE
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F68
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F79
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F94
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0049
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FBE
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FE3
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0038
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0011
.text C:\WINDOWS\System32\svchost.exe[2212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F3C
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C0003B
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00F61
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C0001E
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00F97
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00EF3
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F0E
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00EC7
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00060
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C0007B
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00F7C
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F2B
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FA8
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C00EE2
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF006C
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0014
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF005B
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[2228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0F9C
.text C:\WINDOWS\system32\svchost.exe[2228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FB7
.text C:\WINDOWS\system32\svchost.exe[2228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\svchost.exe[2228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\svchost.exe[2228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0031
.text C:\WINDOWS\system32\svchost.exe[2228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0073
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0F7E
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0062
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0FA5
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0047
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA009F
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA0F63
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0F06
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA0F21
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA00BA
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0FB6
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA008E
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA0011
.text C:\WINDOWS\system32\svchost.exe[3224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA0F32
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90025
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D9005B
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D90F9E
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D90FB9
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F9, 88]
.text C:\WINDOWS\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90040
.text C:\WINDOWS\system32\svchost.exe[3224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80FB4
.text C:\WINDOWS\system32\svchost.exe[3224] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80049
.text C:\WINDOWS\system32\svchost.exe[3224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D8001D
.text C:\WINDOWS\system32\svchost.exe[3224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[3224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80038
.text C:\WINDOWS\system32\svchost.exe[3224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D8000C
.text C:\WINDOWS\system32\SearchIndexer.exe[3448] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0027007B
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270060
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F7C
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F8D
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FA8
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F4E
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F6B
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C2
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700A7
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700D3
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270025
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270096
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FB9
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FD4
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F33
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FCA
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360055
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360029
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360044
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360018
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370FDB
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370073
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0037002C
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0037001B
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370062
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370000
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00370FCA
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [57, 88]
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370051
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02ED0FEF
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 02EE000A
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 02EE001B
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 02EE0FEF
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[6092] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 02EE0040
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----