Google Redirect Problems


  • This topic is locked
23 replies to this topic

#1 Bethiah

Bethiah

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:38 PM

Posted 03 July 2010 - 03:55 PM

I have had redirect problems a couple of times but by following your forum and running HiJackThis and Malwarebytes was able to fix the problem. It is not working this time. Ran both programs twice. HiJackThis keeps picking up the '04' H something lines and I keep deleting them. Malwarebytes picked up infected files the first time through but nothing on the second time.

Enabled Firewall
Ran Defogger
Saved DSS.txt and attach
Running Gmer

20 min later

Still running Gmer

Gmer done and saved

Here are the attachments, thank you for your help

Merged posts and removed my reply. ~ OB



Edited by Orange Blossom, 04 July 2010 - 11:23 AM.



 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:38 AM

Posted 07 July 2010 - 06:30 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Bethiah


Posted 07 July 2010 - 09:54 AM

Hello and thank you.
Trying to run OTL, started scanning then stalled at "Scanning service: xmlprov. . ." then the computer crashed and had to be hard booted. Double checked Defogger and am trying again. Stalled at the same place and will probably crash any minute now. I am sending this from the trusty laptop so I can continue the thread. Thank you, again. I really appreciate this as the problem is on my office computer.

Just crashed again. Will reboot and try the GMER. **sigh**

Edited by Bethiah, 07 July 2010 - 09:59 AM.


#4 Elise


Posted 07 July 2010 - 10:18 AM

Are you sure that was OTL and not GMER?

regards, Elise




#5 Bethiah


Posted 07 July 2010 - 10:21 AM

Positive. Gmer currently running and I know it takes a while. Will try OTL in safe mode when Gmer is done.

#6 Elise


Posted 07 July 2010 - 10:56 AM

Try OTL with the Services option set to None.

regards, Elise




#7 Bethiah


Posted 07 July 2010 - 03:40 PM

I am sorry about the delay. Had to do some actual work while the bosses were here. Here is the Gmer.log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 09:41:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxddypob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7346DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7346DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7346DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7346E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7346D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7346D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7346D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7346DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7346E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7346E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7346E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7346E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7346E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5FD7360, 0x20574D, 0xE8000020]
.rsrc C:\WINDOWS\system32\DRIVERS\netbt.sys entry point in ".rsrc" section [0xF313BA14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E3001E
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0246000A
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02460F6D
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02460F7E
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02460FA5
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02460FB6
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02460FDB
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02460F3A
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02460F4B
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02460F18
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024600B1
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02460EF3
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02460058
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0246001B
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02460F5C
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0246003D
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0246002C
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02460F29
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01F00FB9
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01F00F68
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01F00FD4
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01F00FE5
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01F00F79
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01F00000
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01F00025
.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01F00FA8
.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01EF0066
.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!system 77C293C7 5 Bytes JMP 01EF0FDB
.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01EF003A
.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01EF0000
.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01EF004B
.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01EF001D
.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 014B0000
.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 014B0FE5
.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 014B0FCA
.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 014B0FAF
.text C:\WINDOWS\Explorer.EXE[328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01540000
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC008A
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0F95
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC006F
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0054
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0039
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC00A5
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F5D
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC0F16
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F27
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CC0EF1
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC0FB2
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CC0F7A
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CC0FCD
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CC0FDE
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CC0F42
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CB0058
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CB0047
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CB002C
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CB0FAF
.text C:\WINDOWS\system32\svchost.exe[556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0F95
.text C:\WINDOWS\system32\svchost.exe[556] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FA6
.text C:\WINDOWS\system32\svchost.exe[556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD000C
.text C:\WINDOWS\system32\svchost.exe[556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FB7
.text C:\WINDOWS\system32\svchost.exe[556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FD2
.text C:\WINDOWS\system32\svchost.exe[556] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[556] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[556] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[556] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[556] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F74
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC0069
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0F9B
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC004E
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC002C
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC00AB
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F63
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC00E8
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC00CD
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC0F34
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC003D
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0084
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC0FC0
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC001B
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC00BC
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB0FAF
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB0036
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB0FCA
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB0025
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FB0F79
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1B, 89]
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0F94
.text C:\WINDOWS\system32\services.exe[1196] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070053
.text C:\WINDOWS\system32\services.exe[1196] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FC8
.text C:\WINDOWS\system32\services.exe[1196] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007002E
.text C:\WINDOWS\system32\services.exe[1196] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1196] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FD9
.text C:\WINDOWS\system32\services.exe[1196] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0007001D
.text C:\WINDOWS\system32\services.exe[1196] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[1196] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00050FDE
.text C:\WINDOWS\system32\services.exe[1196] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00050014
.text C:\WINDOWS\system32\services.exe[1196] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00050039
.text C:\WINDOWS\system32\services.exe[1196] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F41
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F52
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50F6D
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50036
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50025
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E50EF8
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F09
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E5006C
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E50EDD
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E50EC2
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50F9E
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E50FD4
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F30
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FC3
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50014
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E5005B
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E40FC3
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40F97
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40054
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E40FB2
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [04, 89] {ADD AL, 0x89}
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E4002F
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0F90
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0FA1
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FD7
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0FC6
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0011
.text C:\WINDOWS\system32\lsass.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\lsass.exe[1208] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\lsass.exe[1208] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\lsass.exe[1208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\lsass.exe[1208] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CC0FAF
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02520FEF
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02520FD4
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0252000A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02570000
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02570F59
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02570F7E
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02570058
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02570F9B
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02570047
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02570075
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02570F2D
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02570F12
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025700AB
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025700C6
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02570FB6
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0257001B
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02570F3E
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02570036
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02570FE5
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02570090
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0256001B
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02560F9B
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0256000A
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02560FD4
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02560058
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02560FE5
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02560047
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0256002C
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02550FA8
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 02550FC3
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02550029
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02550FEF
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02550FD4
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02550018
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0253000A
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02530FEF
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02530FCA
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02530FAF
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02540FEF
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F50011
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA0F8A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA007F
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0FA5
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA0FC0
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0047
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA00B5
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA009A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA00F2
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA00E1
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA0F48
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0062
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0011
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F6F
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA002C
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0FDB
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA00C6
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F90FBC
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F9004D
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F90FCD
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F90FDE
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F90032
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F90F90
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [19, 89]
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F90FA1
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F8003F
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F8002E
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F8001D
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F80FBE
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F80FE3
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 020E0FEF
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 020E001E
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 020E0FDE
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04020FEF
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04020F86
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04020071
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04020F97
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04020FA8
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 04020040
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 040200B1
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 04020F69
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 040200E0
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04020F3D
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 04020F2C
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04020FB9
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0402000A
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 04020096
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0402002F
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04020FD4
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 04020F4E
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04010FDE
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04010094
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04010025
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04010014
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0401006F
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04010FEF
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0401005E
.text C:\WINDOWS\System32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04010FCD
.text C:\WINDOWS\System32\svchost.exe[1572] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EF000A
.text C:\WINDOWS\System32\svchost.exe[1572] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04000040
.text C:\WINDOWS\System32\svchost.exe[1572] msvcrt.dll!system 77C293C7 5 Bytes JMP 04000FAB
.text C:\WINDOWS\System32\svchost.exe[1572] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0400000A
.text C:\WINDOWS\System32\svchost.exe[1572] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04000FE3
.text C:\WINDOWS\System32\svchost.exe[1572] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0400001B
.text C:\WINDOWS\System32\svchost.exe[1572] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04000FC6
.text C:\WINDOWS\System32\svchost.exe[1572] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03FE0000
.text C:\WINDOWS\System32\svchost.exe[1572] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03FE0FDB
.text C:\WINDOWS\System32\svchost.exe[1572] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03FE0FCA
.text C:\WINDOWS\System32\svchost.exe[1572] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03FE0025
.text C:\WINDOWS\System32\svchost.exe[1572] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03FF000A
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A10FD4
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A6005D
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A60042
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A60F68
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A60025
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A6008B
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A60F43
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A600CB
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A600B0
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A600DC
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A60F83
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A6006E
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A60F9E
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A60FAF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A60F32
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A50FC3
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A50014
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A50051
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A50040
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A4005A
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A4003F
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A4001D
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A4002E
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A4000C
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\system32\svchost.exe[1632] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0097
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA007C
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA005F
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA004E
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FC7
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F7B
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA00C3
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F3E
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F59
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0F2D
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0FB6
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0011
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA00A8
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA003D
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA002C
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F6A
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FCA
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C5006C
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C5001B
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C50FAF
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C50051
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50036
.text C:\WINDOWS\system32\svchost.exe[1908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40FAD
.text C:\WINDOWS\system32\svchost.exe[1908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40038
.text C:\WINDOWS\system32\svchost.exe[1908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C4000C
.text C:\WINDOWS\system32\svchost.exe[1908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[1908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40027
.text C:\WINDOWS\system32\svchost.exe[1908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FDE
.text C:\WINDOWS\system32\svchost.exe[1908] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1908] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1908] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[1908] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00C2003D
.text C:\WINDOWS\system32\svchost.exe[1908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[2376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[2376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CA0025
.text C:\WINDOWS\system32\svchost.exe[2376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30F8B
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30076
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30F9C
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30FB9
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30047
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30F4C
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E30F5D
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300C0
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E300AF
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E300DB
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E30FCA
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E30F7A
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E3002C
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E30F31
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E20040
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E20FC0
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E2002F
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E2007D
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E20062
.text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E20051
.text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0042
.text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0FB7
.text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0FD2
.text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0031
.text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD000C
.text C:\WINDOWS\system32\svchost.exe[2376] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[2376] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[2376] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0036
.text C:\WINDOWS\system32\svchost.exe[2376] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[2376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70089
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E7006E
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E7005D
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E70F9E
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E70F52
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E70F79
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E700DA
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E700C9
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E700EB
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E70FB9
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E70FDE
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E700A4
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E70014
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E70F41
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E60FCD
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E6006F
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E6000A
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E60FB2
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E60054
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E60039
.text C:\WINDOWS\system32\svchost.exe[2440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E50025
.text C:\WINDOWS\system32\svchost.exe[2440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E50F9A
.text C:\WINDOWS\system32\svchost.exe[2440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E50FB5
.text C:\WINDOWS\system32\svchost.exe[2440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E50FE3
.text C:\WINDOWS\system32\svchost.exe[2440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[2440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E50FC6
.text C:\WINDOWS\system32\svchost.exe[2440] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\svchost.exe[2440] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E4001B
.text C:\WINDOWS\system32\svchost.exe[2440] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[2440] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E40FCA
.text C:\WINDOWS\system32\dllhost.exe[4056] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\dllhost.exe[4056] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\system32\dllhost.exe[4056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01030FE5
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01030F66
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0103005B
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01030F81
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0103004A
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0103002F
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01030F2E
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01030F55
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010300C7
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010300B6
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010300E2
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01030FA8
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01030FCA
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01030076
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01030014
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01030FB9
.text C:\WINDOWS\system32\dllhost.exe[4056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0103009B
.text C:\WINDOWS\system32\dllhost.exe[4056] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01010036
.text C:\WINDOWS\system32\dllhost.exe[4056] msvcrt.dll!system 77C293C7 5 Bytes JMP 01010025
.text C:\WINDOWS\system32\dllhost.exe[4056] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01010FC6
.text C:\WINDOWS\system32\dllhost.exe[4056] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01010FE3
.text C:\WINDOWS\system32\dllhost.exe[4056] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01010FB5
.text C:\WINDOWS\system32\dllhost.exe[4056] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01010000
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01020011
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0102004E
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01020FCA
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01020FE5
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01020F91
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01020033
.text C:\WINDOWS\system32\dllhost.exe[4056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01020022
.text C:\WINDOWS\system32\dllhost.exe[4056] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\dllhost.exe[4056] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\dllhost.exe[4056] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\dllhost.exe[4056] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FE0FA8
.text C:\WINDOWS\system32\dllhost.exe[4056] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2272] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2272] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84D77EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#8 Elise

Posted 07 July 2010 - 03:46 PM

That shows all I need to see for now.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#9 Bethiah

Posted 07 July 2010 - 04:16 PM

Okay, a couple of pieces of information. I use this computer for a very small mobile home park. I track payments and keep a log of bank deposits on a simple EXCEL spreadsheet. I very rarely check my personal bank account online but it does happen. I do most of my shopping for gifts, etc. online as I live in a very tiny town with just one grocery store and one store that houses the hardware, pharmacy and liquor. Did I mention this is a tiny town? I use PayPal for online purchases.

As far as this computer, I have no recovery disk or any of the original paperwork as it was purchased a few years ago and neither the owners nor the previous managers of the park kept that information. Believe me, I looked everywhere.

I am not opposed to totally reinstalling everything unless I have to repurchase Windows, Office, etc.

Given my circumstances I can use my laptop for purchases and checking my bank account but what about my email? I guess I would like to try and clean this computer and take extra precautions by using my laptop. What do you think?

Oh, and here is the OTL log without the Services checked.

OTL logfile created on: 7/7/2010 1:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 365.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.52 Gb Total Space | 143.70 Gb Free Space | 82.34% Space Free | Partition Type: NTFS
Drive D: | 11.76 Gb Total Space | 4.64 Gb Free Space | 39.46% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTIER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 07:03:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/06/28 16:02:50 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/21 11:20:06 | 001,193,336 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/04/21 11:20:06 | 001,155,256 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/09/17 06:22:45 | 002,338,816 | ---- | M] () -- C:\Program Files\F@H\FahCore_78.exe
PRC - [2008/11/26 13:47:40 | 000,422,400 | ---- | M] () -- C:\Program Files\F@H\Folding@home-Win32-x86.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/07/07 07:03:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2006/01/25 01:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/01/23 22:41:52 | 004,145,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/12 23:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 23:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 23:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 23:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/30 00:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 20:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 13:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 14:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"


FF - HKLM\software\mozilla\FireFox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 03:26:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 19:01:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 13:38:59 | 000,000,000 | ---D | M]

[2008/09/06 11:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/07/06 14:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4faukxu9.default\extensions
[2010/02/01 14:35:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4faukxu9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 17:26:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4faukxu9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/06 14:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/22 19:47:49 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Program Files\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2002/04/18 08:39:16 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
[2005/01/19 20:48:22 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll
[2010/03/25 13:44:00 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2009/10/31 16:57:21 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/06/17 19:29:08 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/01/05 17:18:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517232811.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/18 05:04:07 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 18:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CannyGames
[2010/07/03 12:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Safe mirror
[2010/07/03 12:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/02 11:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/02 11:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/02 11:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wjomeynkw
[2010/07/01 16:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\SlimeArmy
[2010/07/01 13:57:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/07/01 13:57:47 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/07/01 13:57:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/07/01 13:57:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/07/01 13:57:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/07/01 13:57:44 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/07/01 13:57:42 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/07/01 13:57:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/06/30 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\BigFishv1000
[2010/06/30 15:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Mariaglorum
[2010/06/27 08:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/27 08:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/25 19:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rjnvhoqjd
[2010/06/25 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\A Gypsy's Tale - The Tower of Secrets
[2010/06/25 16:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\A Gypsy's Tale - The Tower of Secrets
[2010/06/25 15:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Mutant Arcade
[2010/06/22 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2010/06/22 19:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intenium
[2010/06/22 19:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DiVision Studios XAvenger
[2010/06/22 11:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Word Power
[2010/06/21 22:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Floodlight Games
[2010/06/21 22:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/06/13 23:03:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IECompatCache
[2010/06/13 18:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\yaeekx
[2010/06/12 16:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Fugazo
[2010/06/10 20:11:39 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/09 09:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 13:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 08:00:51 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/07 08:00:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 08:00:15 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/07 08:00:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 08:00:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 08:00:07 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/06 19:20:50 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/07/06 19:20:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/07/06 09:05:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2010/07/05 17:10:38 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/07/04 13:39:02 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/03 16:04:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/03 12:56:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/07/03 11:03:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 16:12:51 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\FOR RENT NOTICE.doc
[2010/07/01 00:32:55 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2003.lnk
[2010/06/25 19:28:12 | 002,117,066 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/06/25 14:53:36 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/25 14:53:36 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/25 11:53:05 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Payroll Report.xls
[2010/06/23 03:02:42 | 000,507,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:02:42 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:02:42 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/17 19:28:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 03:35:18 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 03:17:16 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 03:15:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 18:33:02 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2009 Active notes.xls
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 08:00:49 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/05 17:10:38 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/07/04 13:39:00 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/03 16:04:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/03 14:20:26 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/03 13:05:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2010/07/03 12:56:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/07/03 11:03:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 16:12:50 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\FOR RENT NOTICE.doc
[2010/05/27 15:45:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/02/05 19:26:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/11/02 16:09:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Route32.INI
[2009/11/02 16:04:57 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BOXERJAM.INI
[2008/09/24 01:43:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/06/30 19:11:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/21 18:32:21 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/08/24 11:06:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/08/23 18:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/05/18 05:33:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/18 05:12:09 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/05/18 05:07:52 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/05/18 05:07:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/05/18 05:04:51 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/05/18 05:01:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/18 04:48:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/05/18 04:31:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/05/18 04:27:17 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/18 04:27:17 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/18 04:27:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/18 04:27:17 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/05/18 04:27:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/05/18 04:27:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/05/18 04:27:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/05/18 04:25:44 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/12 16:00:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/02/12 16:00:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/02/12 15:59:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 21:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 14:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C75AF4C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC3C304
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD8C785E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895C5142
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78739EC9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F38B460
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93AABC7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:413E2927
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CE15176
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7596EAE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F0B6A5A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FA1EAA7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62B9E014
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5080697C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE818FA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:596E2371
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D3CB929
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA10407C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:603FD11D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BC73C48
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F4329D4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E7308B6
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07D64CD9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3029A65
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD04902E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5584049
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:803039D6
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561568A4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2862FF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9CDDE5E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDD9C638
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED33A42
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71004506
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD47318
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:100E92DA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07D9FF25
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF0A5DD
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88AA70D1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FA4CB99
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AC256BC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50636E35
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0692342
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B64F7263
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E7F155B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD219F5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ADB5110
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEEC88F6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD66B3E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B2BB690
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED194880
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAE3649B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEBDFD2A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B67A5784
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E4F05ED
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C8D5426
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216EF84
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3651A580
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9283DA1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEF2A14E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5E2BAEE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD293EFB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B18C4339
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92F3A33D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C6D2EC3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7DD688
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9A3410
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87E0E06D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3900846D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EA99C48
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D78CEB3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D8A6F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7973317
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0CB43B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B741B2C2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74CF0624
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D635C5B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68A56598
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ADA62
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370E4EFB
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D00B445
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD717D14
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B321E944
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC0528D9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DB31C20
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D0E1028
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF6C81B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1451DA58
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E6E704F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E68A2AA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54F41DDA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E56502D3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887F3A41
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:064877B6
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C0CA66
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0D9BBA
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4D3884D
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46D2E5A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB0595A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6CDBCAC
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:838FECBF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D0F6CE7
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A524EE6
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43D34EF3
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3433021E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84CFEE62
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FABB9ADF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF4FB3C5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2CB42C9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACE4E8E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45335F0B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1794697E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F11C259D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0007D6
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AD7DE94
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F16B288B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E266F325
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D431AA5F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D226A81A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79460433
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:339562A6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1828723E
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FFDD521
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E61D6A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:459B4633
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08677BDD
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C012695
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3473F385
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C5BC70E
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A384652A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E8BA99C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90483D2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48081133
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F11C1BE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEDC61E9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0BD89FA
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:756B1F7B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54D5DB8A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40F5ECB6
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31106FCB
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C44EEEE
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D9568BA
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:313C5814
< End of report >


#10 Bethiah


Posted 07 July 2010 - 04:25 PM

I hope this isn't redundant, here is the OTL extra log, I think.

OTL Extras logfile created on: 7/7/2010 1:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 365.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.52 Gb Total Space | 143.70 Gb Free Space | 82.34% Space Free | Partition Type: NTFS
Drive D: | 11.76 Gb Total Space | 4.64 Gb Free Space | 39.46% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTIER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0851DE58-C3D4-4D80-B13F-7391E3C2D03A}" = 6200
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2AFA5FC0-2166-11D6-B294-00B0D0B36B37}" = Otter32
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9DD852F9-CD8F-4CA8-9793-EC6F00C1F612}" = 6200_Help
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C077DF4F-B4DB-452E-A220-3587D9502E86}" = 6200Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}" = Apple Mobile Device Support
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA418519-2160-43A0-AABD-6608DDD8D87F}" = iTunes
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs. Zombies" = Plants vs. Zombies
"CCleaner" = CCleaner (remove only)
"CobBackup10" = Cobian Backup 10
"DISCover" = DISCover
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Google Updater" = Google Updater
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"jZip" = jZip
"Lemmings Revolution" = Lemmings Revolution
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers"

I hope this isn't redundant, here is the OTL extra log, I think.

OTL Extras logfile created on: 7/7/2010 1:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 365.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.52 Gb Total Space | 143.70 Gb Free Space | 82.34% Space Free | Partition Type: NTFS
Drive D: | 11.76 Gb Total Space | 4.64 Gb Free Space | 39.46% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTIER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

#11 Bethiah

Posted 07 July 2010 - 08:41 PM

I ran ComboFix twice, my computer shut down, came back up, but still no log. What am I doing wrong? McAfee was off both times. I'll just wait to hear from you. Thank you, again, for all your time. It is much appreciated.

Oh, and I am still getting random redirects. Now it isn't just Google but I'll be on this site (bleeping computer) and another tab will just open up. I close them immediately and don't check to see where it is taking me.

Just a side thought. . .are any of the many, many people who are having this problem recently Stumblers? Love StumbleUpon but now am wondering if there is a link, although I have never been hijacked while Stumbling. Might make a good survey?

#12 Elise

Posted 08 July 2010 - 01:55 AM

Hello again, please try the following instead:
  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

regards, Elise



#13 Bethiah

Posted 08 July 2010 - 09:04 AM

Okay. Here is the latest.

07:02:30:654 2644 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
07:02:30:654 2644 ================================================================================
07:02:30:654 2644 SystemInfo:

07:02:30:654 2644 OS Version: 5.1.2600 ServicePack: 3.0
07:02:30:654 2644 Product type: Workstation
07:02:30:654 2644 ComputerName: FRONTIER
07:02:30:654 2644 UserName: HP_Administrator
07:02:30:654 2644 Windows directory: C:\WINDOWS
07:02:30:654 2644 System windows directory: C:\WINDOWS
07:02:30:654 2644 Processor architecture: Intel x86
07:02:30:654 2644 Number of processors: 1
07:02:30:654 2644 Page size: 0x1000
07:02:30:654 2644 Boot type: Normal boot
07:02:30:654 2644 ================================================================================
07:02:30:717 2644 Initialize success
07:02:30:717 2644
07:02:30:717 2644 Scanning Services ...
07:02:30:810 2644 Raw services enum returned 374 services
07:02:30:826 2644
07:02:30:826 2644 Scanning Drivers ...
07:02:35:107 2644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\tsk138.tmp
07:02:35:107 2644 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk138.tmp. md5: 74b2b2f5bea5e9a3dc021d685551bd3d
07:02:36:967 2644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:02:36:982 2644 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:02:37:013 2644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:02:37:045 2644 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
07:02:37:076 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:02:37:092 2644 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:02:37:092 2644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:02:37:107 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:02:37:138 2644 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
07:02:37:185 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:02:37:217 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:02:37:248 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:02:37:248 2644
07:02:37:248 2644 Completed
07:02:37:248 2644
07:02:37:248 2644 Results:
07:02:37:248 2644 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:02:37:248 2644 File objects infected / cured / cured on reboot: 0 / 0 / 0
07:02:37:248 2644
07:02:37:248 2644 KLMD(ARK) unloaded successfully


#14 Elise


Posted 08 July 2010 - 11:51 AM

Please reset your router (it should have a button on the backside for it) and let me know if that fixes the redirect problem.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#15 Bethiah


Posted 08 July 2010 - 01:58 PM

That was an ordeal. Didn't have my IP address, didn't have my account ID, didn't have the password... BUT... finally got all the info and reset the router. So far it looks like I'm good. I'll surf around for a while longer just to make sure. Thank you again for all your help. I'll post again in a couple of hours to let you know for sure.



