Solved Slow PC

Discussion in 'Malware and Virus Removal Archive' started by llsshopping, 2011/02/13.

  1. 2011/02/13
    llsshopping

    [Resolved] Slow PC

    My PC has been running extremely slow lately, although I don't see any signs of an infection (e.g. hijacked pages, pop-ups, etc.). Below are the requested logs.

    Thank you in advance.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5717

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2/8/2011 7:49:59 PM
    mbam-log-2011-02-08 (19-49-59).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 252727
    Time elapsed: 36 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/02/13
    llsshopping

    GMER Pt 1.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-13 01:23:10
    Windows 5.1.2600 Service Pack 3 Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-36 WDC_WD360GD-00FLA1 rev.27.08D27
    Running: mynjl74u.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fwtyqpob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF743E0E0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF743E0F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF743E120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF743E176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF743E0CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF743E0A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF743E0B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF743E10A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF743E14C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF743E136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF743E1A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF743E18C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF743E160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xBA272000, 0x198FE0, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900000
    .text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900022
    .text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900011
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA009D
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0FA8
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0FB9
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0FCA
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0051
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00E6
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00D5
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0101
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F68
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0F4D
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA006C
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA00B8
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0036
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0025
    .text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F83
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90F9E
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B90F3C
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B90FC3
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B90FDE
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B90F57
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90FEF
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B90F68
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D9, 88]
    .text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90F8D
    .text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930066
    .text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930055
    .text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0093000C
    .text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930044
    .text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930029
    .text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 0091000A
    .text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0091001B
    .text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00910FEF
    .text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 00910040
    .text C:\WINDOWS\system32\svchost.exe[392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
    .text C:\WINDOWS\System32\svchost.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00690000
    .text C:\WINDOWS\System32\svchost.exe[456] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00690FE5
    .text C:\WINDOWS\System32\svchost.exe[456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0069001B
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006D0049
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006D0038
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006D001B
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006D0F68
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006D0F9E
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006D0095
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006D0F43
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D00D2
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D00C1
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006D00ED
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006D0F83
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006D000A
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006D006E
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006D0FB9
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006D0FD4
    .text C:\WINDOWS\System32\svchost.exe[456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006D00B0
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0025
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C0062
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C0FCA
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C000A
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006C0047
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006C0FEF
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006C0FAF
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8C, 88]
    .text C:\WINDOWS\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006C0036
    .text C:\WINDOWS\System32\svchost.exe[456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006B0F70
    .text C:\WINDOWS\System32\svchost.exe[456] msvcrt.dll!system 77C293C7 5 Bytes JMP 006B0F81
    .text C:\WINDOWS\System32\svchost.exe[456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006B0FB7
    .text C:\WINDOWS\System32\svchost.exe[456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006B0FEF
    .text C:\WINDOWS\System32\svchost.exe[456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006B0FA6
    .text C:\WINDOWS\System32\svchost.exe[456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006B0FD2
    .text C:\WINDOWS\System32\svchost.exe[456] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006A0000
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B20FEF
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B20025
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B20014
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50FEF
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50F66
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B5005B
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B5004A
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50F8D
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50FAF
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50F55
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50091
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50F18
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50F33
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B500CC
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50F9E
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50FDE
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50076
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B5001B
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B5000A
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50F44
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40FCA
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40040
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40FDB
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B4001B
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B40F83
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B40000
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B40F94
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D4, 88] {AAM 0x88}
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B40FAF
    .text C:\WINDOWS\system32\svchost.exe[504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B30F9C
    .text C:\WINDOWS\system32\svchost.exe[504] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B30FB7
    .text C:\WINDOWS\system32\svchost.exe[504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B3000C
    .text C:\WINDOWS\system32\svchost.exe[504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B30FEF
    .text C:\WINDOWS\system32\svchost.exe[504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B30027
    .text C:\WINDOWS\system32\svchost.exe[504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B30FD2
    .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01B80000
    .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01B80025
    .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01B80FEF
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01BD0F79
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01BD006E
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01BD0F8A
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01BD003D
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01BD0022
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01BD009A
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01BD0F52
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01BD00DA
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01BD0F41
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01BD0F26
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01BD0F9B
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01BD0000
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01BD0089
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01BD0011
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01BD0FCA
    .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01BD00BF
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01BC002C
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01BC0062
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01BC0FDB
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01BC001B
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01BC0FA5
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01BC0000
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01BC0FB6
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DC, 89]
    .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01BC003D
    .text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01BB005F
    .text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!system 77C293C7 5 Bytes JMP 01BB0FD4
    .text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01BB0033
    .text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01BB000C
    .text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01BB0044
    .text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01BB0FEF
    .text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01BA000A
    .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01B90FEF
    .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01B90FDE
    .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01B90FC3
    .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 01B90FB2
    .text C:\WINDOWS\System32\svchost.exe[556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F00000
    .text C:\WINDOWS\System32\svchost.exe[556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F0002C
    .text C:\WINDOWS\System32\svchost.exe[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F0001B
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40000
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F94
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40089
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F4006C
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40FB9
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F4004A
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F400B5
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F400A4
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F2D
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F400C6
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F400E1
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F4005B
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F4001B
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40F83
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40FD4
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FE5
    .text C:\WINDOWS\System32\svchost.exe[556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40F48
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30FCA
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30051
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F3001B
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30000
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30F8A
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30FEF
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F30FA5
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [13, 89]
    .text C:\WINDOWS\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F30036
    .text C:\WINDOWS\System32\svchost.exe[556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20FAB
    .text C:\WINDOWS\System32\svchost.exe[556] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20036
    .text C:\WINDOWS\System32\svchost.exe[556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD7
    .text C:\WINDOWS\System32\svchost.exe[556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
    .text C:\WINDOWS\System32\svchost.exe[556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FBC
    .text C:\WINDOWS\System32\svchost.exe[556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20011
    .text C:\WINDOWS\System32\svchost.exe[556] WS2_32.dll!socket
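A triage helper for the "User code sections" block in the GMER log above, added here as an example; it is not part of the thread, of GMER, or of any vendor tool. It assumes the line shape GMER printed in the log (`.text <image>[<pid>] <module>!<function> <addr> <n> Bytes JMP <target>`, optionally followed by the module GMER mapped the target to, or a raw byte list for a split patch such as `RegCreateKeyW + 3`), and it works on a constructed sample of a few lines copied in that shape rather than the full log. The function names (`parse_gmer_user_hooks`, `summarize`, `processes_to_inspect`) are this example's own. The point it makes: GMER appends an owning module when it can map a JMP destination to one (the `mcproxy.dll` lines), and prints a bare address when it cannot; grouping the bare addresses by process and by 64 KB region shows how many separate unbacked code regions each process is jumping into. The script only classifies; it does not identify what installed the hooks.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a few lines copied in the shape of the "User code sections"
# block GMER printed in the thread. Not the complete log.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0101
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B90F68
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D9, 88]
.text C:\WINDOWS\system32\svchost.exe[392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[908] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00C6000A
"""

# One GMER user-mode hook line (format as seen in the posted log):
#   .text <image>[<pid>] <module>!<func>[ + <off>] <addr> <n> Bytes <patch>
# <patch> is "JMP <target>[ <owning module> (<description>)]" or a raw byte list.
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?: \+ (?P<offset>\d+))? "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes (?P<patch>.+)$"
)


@dataclass
class Hook:
    image: str
    pid: int
    module: str
    func: str
    offset: int            # byte offset into the function (0 for the entry point)
    addr: int              # address of the patched bytes
    size: int
    kind: str              # "jmp" for a JMP patch, "bytes" for a raw byte patch
    target: Optional[int]  # JMP destination, when kind == "jmp"
    owner: Optional[str]   # module GMER attributed the destination to, if any


def parse_gmer_user_hooks(text: str) -> list[Hook]:
    """Parse every 'User code sections' hook line; non-matching lines are skipped."""
    hooks: list[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        patch = m["patch"]
        kind, target, owner = "bytes", None, None
        if patch.startswith("JMP "):
            parts = patch.split(" ", 2)   # ["JMP", "<target>", "<owner ...>"?]
            kind, target = "jmp", int(parts[1], 16)
            if len(parts) == 3:
                owner = parts[2]
        hooks.append(Hook(m["image"], int(m["pid"]), m["module"], m["func"],
                          int(m["offset"] or 0), int(m["addr"], 16),
                          int(m["size"]), kind, target, owner))
    return hooks


def summarize(hooks: list[Hook]) -> dict[str, dict]:
    """Per process: JMPs GMER attributed to a module, JMPs it could not (bare
    target address), the 64 KB regions the unattributed targets fall in, and the
    modules the attributed ones point at."""
    summary: dict[str, dict] = {}
    for h in hooks:
        key = f"{h.image.rsplit(chr(92), 1)[-1]}[{h.pid}]"   # basename[pid]
        s = summary.setdefault(key, {"attributed": 0, "unattributed": 0, "bytes": 0,
                                     "owners": set(), "regions": set()})
        if h.kind == "bytes":
            s["bytes"] += 1            # continuation of a split patch, e.g. "+ 3"
        elif h.owner:
            s["attributed"] += 1
            s["owners"].add(h.owner.split(" (", 1)[0])   # drop "(vendor description)"
        else:
            s["unattributed"] += 1
            s["regions"].add(h.target & 0xFFFF0000)
    return summary


def processes_to_inspect(summary: dict[str, dict]) -> list[str]:
    """Processes with at least one JMP into memory GMER could not tie to a module."""
    return [k for k, s in summary.items() if s["unattributed"] > 0]


if __name__ == "__main__":
    report = summarize(parse_gmer_user_hooks(SAMPLE_LOG))
    for proc, s in report.items():
        regions = ", ".join(f"{r:08X}" for r in sorted(s["regions"]))
        print(f"{proc}: {s['attributed']} attributed, {s['unattributed']} unattributed "
              f"(regions: {regions or '-'}), owners: {sorted(s['owners']) or '-'}")
    print("inspect:", processes_to_inspect(report))
```

Run it against the full pasted log by replacing `SAMPLE_LOG` with the file contents; on the sample, `svchost.exe[392]` comes out with four unattributed JMPs spread over four separate 64 KB regions (00900000, 00920000, 00B90000, 00BA0000) and no attributed ones, while `McSvHost.exe[860]` has a single JMP attributed to `mcproxy.dll`. The region count is what distinguishes "one injected stub" from "several", and is a better first question than the raw hook count.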
     

  4. 2011/02/13
    llsshopping

    GMER Pt. 2

    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C50000
    .text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C50FD4
    .text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C50FE5
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F9C
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0091
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0080
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0065
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0FD4
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE00C9
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F81
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE00F5
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE00E4
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE0110
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0FC3
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE001B
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE00AC
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FE5
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE002C
    .text C:\WINDOWS\Explorer.EXE[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0F66
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0FB9
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD002F
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FD4
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD000A
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0F72
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0FEF
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CD0F83
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ED, 88]
    .text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0FA8
    .text C:\WINDOWS\Explorer.EXE[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C90FAD
    .text C:\WINDOWS\Explorer.EXE[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C9002E
    .text C:\WINDOWS\Explorer.EXE[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C90FD2
    .text C:\WINDOWS\Explorer.EXE[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90000
    .text C:\WINDOWS\Explorer.EXE[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C9001D
    .text C:\WINDOWS\Explorer.EXE[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C90FE3
    .text C:\WINDOWS\Explorer.EXE[908] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00C6000A
    .text C:\WINDOWS\Explorer.EXE[908] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00C60FE5
    .text C:\WINDOWS\Explorer.EXE[908] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00C6001B
    .text C:\WINDOWS\Explorer.EXE[908] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 00C60FCA
    .text C:\WINDOWS\Explorer.EXE[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C7000A
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CC0FCA
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC0FE5
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0000
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0089
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0078
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F9E
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0051
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FAF
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF00B7
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF009A
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F54
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00E3
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0108
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0036
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF0011
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0F79
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0FCA
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FE5
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF00D2
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE001B
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0069
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0FC0
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0058
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0FEF
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CE0047
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE002C
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0FC1
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0FD2
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0FE3
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD000C
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0042
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD001D
    .text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00690000
    .text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00690FDB
    .text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00690011
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006D0F55
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006D0F66
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006D0040
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006D0F83
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006D0FAF
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006D0065
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006D0F1D
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D0EDD
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D0080
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006D0ECC
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006D0F9E
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006D000A
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006D0F3A
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006D0025
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006D0FD4
    .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006D0F02
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C001E
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C0F72
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C0FCD
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C0FDE
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006C0F83
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006C0FEF
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 006C002F
    .text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006C0FB2
    .text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006B0053
    .text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!system 77C293C7 5 Bytes JMP 006B0038
    .text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006B0FC8
    .text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006B0FEF
    .text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006B001D
    .text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006B0000
    .text C:\WINDOWS\System32\svchost.exe[1012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006A0FEF
    .text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0FEF
    .text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0FC3
    .text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD0FD4
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011F0000
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011F0086
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011F0075
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011F0F9B
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011F0058
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011F002C
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011F00AB
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011F0F63
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011F0F2D
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011F00C6
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011F0F1C
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011F0047
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011F0FE5
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011F0F80
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011F0FC0
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011F001B
    .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011F0F48
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011E0FB9
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011E006C
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011E0FCA
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011E0000
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011E0051
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011E0FEF
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 011E0036
    .text C:\WINDOWS\system32\services.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011E001B
    .text C:\WINDOWS\system32\services.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FA1
    .text C:\WINDOWS\system32\services.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FBC
    .text C:\WINDOWS\system32\services.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FD7
    .text C:\WINDOWS\system32\services.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\services.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF002C
    .text C:\WINDOWS\system32\services.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0011
    .text C:\WINDOWS\system32\services.exe[1136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
    .text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E90FEF
    .text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E90FB9
    .text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E90FDE
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0000
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0093
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F9E
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED006C
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED005B
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0025
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00D0
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00BF
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F59
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00F2
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED0F48
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0036
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FEF
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED00AE
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FB9
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FDE
    .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED00E1
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0011
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0F94
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0000
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FCA
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0051
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0FE5
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FAF
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
    .text C:\WINDOWS\system32\lsass.exe[1148] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC002C
    .text C:\WINDOWS\system32\lsass.exe[1148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0047
    .text C:\WINDOWS\system32\lsass.exe[1148] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB002C
    .text C:\WINDOWS\system32\lsass.exe[1148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB001B
    .text C:\WINDOWS\system32\lsass.exe[1148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FE3
    .text C:\WINDOWS\system32\lsass.exe[1148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FC6
    .text C:\WINDOWS\system32\lsass.exe[1148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0000
    .text C:\WINDOWS\system32\lsass.exe[1148] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000
    .text C:\WINDOWS\Explorer.EXE[1212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
    .text C:\WINDOWS\Explorer.EXE[1212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FCA
    .text C:\WINDOWS\Explorer.EXE[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090000
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FE5
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0038
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F4D
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F5E
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F6F
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0F94
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0073
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F21
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EF2
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0095
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00A6
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0011
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FCA
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F32
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0000
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FAF
    .text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0084
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0025
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F83
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FD4
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0040
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0000
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FA8
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
    .text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FB9
    .text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B003B
    .text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0FB0
    .text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC1
    .text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0016
    .text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FD2
    .text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 002D0FEF
    .text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 002D0FDE
    .text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 002D0FC3
    .text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 002D0014
    .text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!socket
     
  5. 2011/02/13 llsshopping (Inactive, Thread Starter; joined 2009/12/22; 92 messages; 0 likes received)

    GMER Pt. 3

    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AE0000
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AE0036
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AE001B
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B20FE5
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B20084
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B20069
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B20058
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B20FA5
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B20FC0
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B200CD
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B200BC
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B2011E
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B20103
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B2012F
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B20047
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B20000
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B20095
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B20036
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B2001B
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B200F2
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B10FD4
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B1005B
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B10025
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B1000A
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B10F9E
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B10FE5
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B10040
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B10FB9
    .text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B0004E
    .text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B00FC3
    .text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B00FDE
    .text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B00FEF
    .text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B00033
    .text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B00018
    .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF0000
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B30FEF
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B30025
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30086
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30F91
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C3006B
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30FA2
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C30044
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C300C3
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C300B2
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C300F2
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C30F59
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C30F3E
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30FB3
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30011
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C300A1
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30033
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C30022
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F6A
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B60FDB
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B60F9E
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B60022
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B60011
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B60FAF
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B60000
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B60047
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B60FC0
    .text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50FB7
    .text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50038
    .text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B5001D
    .text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B5000C
    .text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B50FC8
    .text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B50FE3
    .text C:\WINDOWS\system32\svchost.exe[1480] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B40000
    .text C:\WINDOWS\System32\svchost.exe[1620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 020B0000
    .text C:\WINDOWS\System32\svchost.exe[1620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 020B0022
    .text C:\WINDOWS\System32\svchost.exe[1620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 020B0011
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024C0000
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024C0F83
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 024C0078
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 024C0067
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 024C0F9E
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 024C001B
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024C0F46
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024C0F57
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024C00B3
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024C0F1A
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 024C0EFF
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 024C0040
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 024C0FDB
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024C0F72
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 024C0FB9
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 024C0FCA
    .text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024C0F35
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024B002C
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024B0F80
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024B001B
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024B0FE5
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024B0F9B
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024B000A
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 024B0FB6
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6B, 8A]
    .text C:\WINDOWS\System32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024B0047
    .text C:\WINDOWS\System32\svchost.exe[1620] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 020E0FA6
    .text C:\WINDOWS\System32\svchost.exe[1620] msvcrt.dll!system 77C293C7 5 Bytes JMP 020E0027
    .text C:\WINDOWS\System32\svchost.exe[1620] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 020E0FC1
    .text C:\WINDOWS\System32\svchost.exe[1620] msvcrt.dll!_open 77C2F566 5 Bytes JMP 020E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1620] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 020E0016
    .text C:\WINDOWS\System32\svchost.exe[1620] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 020E0FDE
    .text C:\WINDOWS\System32\svchost.exe[1620] WS2_32.dll!socket 71AB4211 5 Bytes JMP 020D000A
    .text C:\WINDOWS\System32\svchost.exe[1620] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 020C0000
    .text C:\WINDOWS\System32\svchost.exe[1620] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 020C0FDB
    .text C:\WINDOWS\System32\svchost.exe[1620] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 020C0011
    .text C:\WINDOWS\System32\svchost.exe[1620] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 020C0FC0
    .text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008D0FD4
    .text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008D000A
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FE5
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0091005B
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910F70
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910F81
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910040
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091002F
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910098
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0091007D
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F09
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00910F24
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910EF8
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910FA8
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FD4
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0091006C
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FC3
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910014
    .text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910F35
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900047
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900FD1
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0090002C
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0090001B
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900098
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900000
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00900073
    .text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900058
    .text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008F004E
    .text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!system 77C293C7 5 Bytes JMP 008F003D
    .text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008F0FDE
    .text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008F0FEF
    .text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008F0FC3
    .text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008F0018
    .text C:\WINDOWS\system32\svchost.exe[1680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008E0FEF
    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01760FE5
    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01760FCA
    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01760000
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017B0000
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 017B0089
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 017B0F9E
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 017B0FAF
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 017B006C
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 017B0051
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017B00B5
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017B0F6D
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017B0F37
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017B0F52
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 017B0F1C
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017B0FC0
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017B0011
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 017B00A4
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 017B0FE5
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 017B002C
    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017B00C6
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 017A0FCA
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 017A005B
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 017A0011
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 017A0000
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 017A0F9E
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 017A0FEF
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 017A0FB9
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9A, 89]
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 017A0040
    .text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01790066
    .text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!system 77C293C7 5 Bytes JMP 01790055
    .text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01790029
    .text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0179000C
    .text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01790044
    .text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01790FEF
    .text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01780000
    .text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01770000
    .text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01770FE5
    .text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01770025
    .text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 01770FD4
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015001B
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015000A
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0027000A
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F66
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0027005B
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027004A
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270039
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB2
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270080
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F38
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F0C
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F1D
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700C0
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F97
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FEF
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F55
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FCD
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FDE
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270091
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] MSVCRT.dll!_wsystem 77C2931E 5 Bytes JMP 00380FB2
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] MSVCRT.dll!system 77C293C7 5 Bytes JMP 00380047
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] MSVCRT.dll!_creat 77C2D40F 5 Bytes JMP 00380FCD
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] MSVCRT.dll!_open 77C2F566 5 Bytes JMP 00380FEF
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] MSVCRT.dll!_wcreat 77C2FC9B 5 Bytes JMP 0038002C
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] MSVCRT.dll!_wopen 77C30055 5 Bytes JMP 00380FDE
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00390036
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00390FB6
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0039001B
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0039000A
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00390073
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00390FE5
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00390062
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00390047
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 0BFA0FEF
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0BFA000A
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 0BFA0FD4
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 0BFA0FC3
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1896] ws2_32.dll!socket 71AB4211 5 Bytes JMP 0C3A0000
    .text D:\Program Files\Mozilla Firefox\firefox.exe[5036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[5036] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0A762720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[5036] WININET.dll!HttpOpenRequestA 3D94AA5B 5 Bytes JMP 0A7629E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[5036] WININET.dll!InternetConnectA 3D94B0B2 5 Bytes JMP 0A762AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[5036] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0A762840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\WINDOWS\Explorer.EXE[5228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
    .text C:\WINDOWS\Explorer.EXE[5228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009001B
    .text C:\WINDOWS\Explorer.EXE[5228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FE5
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F8B
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0080
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FB2
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FC3
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B004A
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B009B
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F5F
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F1D
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F2E
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F0C
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0065
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F7A
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FDE
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B002F
    .text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00AC
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0011
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F6C
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0000
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FCA
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0033
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F9B
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
    .text C:\WINDOWS\Explorer.EXE[5228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0022
    .text C:\WINDOWS\Explorer.EXE[5228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0FC3
    .text C:\WINDOWS\Explorer.EXE[5228] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B004E
    .text C:\WINDOWS\Explorer.EXE[5228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0029
    .text C:\WINDOWS\Explorer.EXE[5228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
    .text C:\WINDOWS\Explorer.EXE[5228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0FDE
    .text C:\WINDOWS\Explorer.EXE[5228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\Explorer.EXE[5228] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 002D0FEF
    .text C:\WINDOWS\Explorer.EXE[5228] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 002D0000
    .text C:\WINDOWS\Explorer.EXE[5228] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 002D0FCA
    .text C:\WINDOWS\Explorer.EXE[5228] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 002D0011
    .text C:\WINDOWS\Explorer.EXE[5228] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01D80000
    .text D:\Program Files\Mozilla Firefox\plugin-container.exe[5828] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\WINDOWS\Explorer.EXE[6096] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
    .text C:\WINDOWS\Explorer.EXE[6096] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FCD
    .text C:\WINDOWS\Explorer.EXE[6096] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FDE
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B00B1
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0FBC
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0096
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B006F
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FDE
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00DD
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00C2
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0124
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0109
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0135
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FCD
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B001B
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0FA1
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0040
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\Explorer.EXE[6096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00F8
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FA5
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0033
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FCA
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0000
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0022
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F80
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
    .text C:\WINDOWS\Explorer.EXE[6096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0011
    .text C:\WINDOWS\Explorer.EXE[6096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0FD2
    .text C:\WINDOWS\Explorer.EXE[6096] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0053
    .text C:\WINDOWS\Explorer.EXE[6096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0027
    .text C:\WINDOWS\Explorer.EXE[6096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\Explorer.EXE[6096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0038
    .text C:\WINDOWS\Explorer.EXE[6096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B000C
    .text C:\WINDOWS\Explorer.EXE[6096] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 002D0000
    .text C:\WINDOWS\Explorer.EXE[6096] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 002D0025
    .text C:\WINDOWS\Explorer.EXE[6096] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 002D0036
    .text C:\WINDOWS\Explorer.EXE[6096] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 002D0FEF
    .text C:\WINDOWS\Explorer.EXE[6096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01880000

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\mfevtps.exe[996] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\WINDOWS\system32\mfevtps.exe[996] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
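Triage helper for the user-mode hook listing above. This is an added example, not code from the poster, from GMER or from any vendor named in the log. It parses lines in the shape GMER prints (`.text <process>[<pid>] <module>!<export> <address> <n> Bytes JMP <target>`, with an optional owning-module attribution, plus the `+ 3 ... [bytes]` continuation GMER uses when it reports one patch in two pieces), merges the split entries, separates hooks GMER attributed to a module (mcieplg.dll, xul.dll and firefox.exe in the log) from those it could not, groups the unattributed jump targets by 64 KiB allocation region per process, lists which functions are hooked in every affected process, and labels what each process's unattributed hooks intercept (file, process, registry, network, loader, memory). The line format and the category table are assumptions drawn from the entries in this post; the sample lines are constructed for the example, not copied from a scan. The output tells you which process memory regions to dump and which hook set to compare against the installed security product's documented behaviour; it does not by itself decide whether the hooks are benign.

```python
import json
import re
from collections import defaultdict

# Constructed sample (not a real scan): lines in the shape of GMER's user-mode entries,
# ".text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<owner> (<desc>)]",
# including one patch GMER reports as a 2-byte JMP plus raw bytes at "+ 3".
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017B0011
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01780000
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 017A0FB9
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9A, 89]
.text C:\WINDOWS\Explorer.EXE[5228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\Explorer.EXE[5228] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01D80000
.text D:\Program Files\Mozilla Firefox\firefox.exe[5036] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0A762840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
"""

# Assumed line shape; the owner/description tail is optional, and a continuation line
# carries raw bytes in [..] instead of a JMP target.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)(?:\s\+\s(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>.+?)\s+\((?P<desc>[^)]*)\))?"
    r"|\[(?P<raw>[^\]]+)\])\s*$")

REGION = 0x10000  # 64 KiB allocation granularity: targets in one region share one allocation

# Behaviour classes, keyed by lower-cased-module!export names taken from the hooked set above.
CATEGORIES = {
    "process": ["kernel32.dll!CreateProcessA", "kernel32.dll!CreateProcessW", "kernel32.dll!WinExec",
                "ntdll.dll!NtCreateProcess", "msvcrt.dll!system", "msvcrt.dll!_wsystem"],
    "file": ["kernel32.dll!CreateFileA", "kernel32.dll!CreateFileW", "ntdll.dll!NtCreateFile",
             "msvcrt.dll!_open", "msvcrt.dll!_wopen", "msvcrt.dll!_creat", "msvcrt.dll!_wcreat"],
    "registry": ["advapi32.dll!Reg" + s for s in ("OpenKeyA", "OpenKeyW", "OpenKeyExA", "OpenKeyExW",
                                                  "CreateKeyA", "CreateKeyW", "CreateKeyExA", "CreateKeyExW")],
    "network": ["ws2_32.dll!socket"] + ["wininet.dll!InternetOpen" + s for s in ("A", "W", "UrlA", "UrlW")],
    "loader": ["kernel32.dll!" + s for s in ("LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                                             "LoadLibraryExW", "GetProcAddress")] + ["ntdll.dll!LdrLoadDll"],
    "memory": ["kernel32.dll!VirtualProtect", "kernel32.dll!VirtualProtectEx", "ntdll.dll!NtProtectVirtualMemory"],
}

def parse_hooks(text):
    """Parse user-mode hook lines into dicts; lines that do not match the shape are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        hooks.append({
            "proc": g["proc"], "pid": int(g["pid"]),
            "func": g["module"].lower() + "!" + g["export"],   # WS2_32.dll and ws2_32.dll compare equal
            "offset": int(g["offset"] or 0), "addr": int(g["addr"], 16), "size": int(g["size"]),
            "target": int(g["target"], 16) if g["target"] else None,
            "owner": g["owner"], "raw": g["raw"], "split": False,
        })
    return hooks

def merge_split_hooks(hooks):
    """Fold an '<export> + N ... [bytes]' continuation into the preceding entry for the same
    process and function, recording the full patched span (2 bytes at +0 and 2 at +3 span 5)."""
    merged = []
    for h in hooks:
        prev = merged[-1] if merged else None
        if (h["raw"] is not None and h["offset"] and prev
                and prev["pid"] == h["pid"] and prev["func"] == h["func"]):
            prev["split"] = True
            prev["size"] = max(prev["size"], h["offset"] + h["size"])
            continue
        merged.append(h)
    return merged

def unattributed(hooks):
    """JMP hooks whose target GMER could not map to any loaded module."""
    return [h for h in hooks if h["target"] is not None and h["owner"] is None]

def trampoline_regions(hooks):
    """Per PID, the 64 KiB regions the unattributed hooks jump into: what to dump and inspect."""
    regions = defaultdict(set)
    for h in unattributed(hooks):
        regions[h["pid"]].add(h["target"] & ~(REGION - 1))
    return dict(regions)

def hooked_in_all(hooks):
    """Functions hooked without attribution in every process that has such hooks."""
    pids_by_func = defaultdict(set)
    for h in unattributed(hooks):
        pids_by_func[h["func"]].add(h["pid"])
    all_pids = {h["pid"] for h in unattributed(hooks)}
    return sorted(f for f, pids in pids_by_func.items() if pids == all_pids)

def coverage(hooks, pid):
    """Behaviour classes the unattributed hooks in one process intercept."""
    funcs = {h["func"] for h in unattributed(hooks) if h["pid"] == pid}
    return sorted(cat for cat, names in CATEGORIES.items() if funcs & set(names))

def triage(text):
    """One summary dict for a whole user-mode hook listing."""
    hooks = merge_split_hooks(parse_hooks(text))
    un = unattributed(hooks)
    return {
        "hooks": len(hooks), "attributed": len(hooks) - len(un), "unattributed": len(un),
        "split": sum(1 for h in hooks if h["split"]),
        "regions": {pid: sorted(f"{r:08X}" for r in regs) for pid, regs in trampoline_regions(hooks).items()},
        "common": hooked_in_all(hooks),
        "coverage": {pid: coverage(hooks, pid) for pid in sorted({h["pid"] for h in hooks})},
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Feed it the whole "User code sections" block from a GMER log and read the `regions` map first: one or two regions per process, with the same function set hooked in every process at the same original address, is what a system-wide injection (a security product's behaviour blocker, or something posing as one) looks like; the `coverage` list then says whether that agent sits on file, process, registry and network creation, which is the set a HIPS and a data stealer both need, so attribution of the region's contents (dump it, check for a PE header and signer) is the step that actually settles it.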
     
  6. 2011/02/13
    llsshopping
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x038000fd

    Kernel Drivers (total 148):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7A4F000 PCIIde.sys
    0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7627000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798D000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7637000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7647000 disk.sys
    0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltmgr.sys
    0xF7468000 sr.sys
    0xF740B000 mfehidk.sys
    0xF7667000 PxHelp20.sys
    0xF7870000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7843000 NDIS.sys
    0xF7829000 Mup.sys
    0xF7677000 agp440.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA271000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xBA25D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7747000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xBA239000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA1F2000 \SystemRoot\system32\DRIVERS\yk51x86.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7927000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA1DE000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF777F000 \SystemRoot\system32\drivers\Afc.sys
    0xF7A52000 \SystemRoot\System32\Drivers\ElbyDelay.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA1BB000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA105000 \SystemRoot\system32\drivers\smwdm.sys
    0xBA0E1000 \SystemRoot\system32\drivers\portcls.sys
    0xF7577000 \SystemRoot\system32\drivers\drmk.sys
    0xBA0C9000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF7A69000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA0B5000 \SystemRoot\system32\DRIVERS\mfendisk.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF794B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9FFE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9FED000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB9FC9000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xB9F56000 \SystemRoot\system32\drivers\mfefirek.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9F26000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7527000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF799D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9EC8000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA6F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7517000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7887000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF781F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF79A5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7ABB000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7767000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7777000 \SystemRoot\System32\drivers\vga.sys
    0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79B1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF779F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9FB5000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9CE9000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9C90000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9C7D000 \SystemRoot\system32\drivers\mfetdi2k.sys
    0xA9C57000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA788000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA9C07000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA778000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xA9BE5000 \SystemRoot\System32\drivers\afd.sys
    0xBA768000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA9BBA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9B4A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA758000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF77CF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB9E9A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA718000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA9E2C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xA9ACF000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xA9E20000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7817000 \SystemRoot\system32\DRIVERS\point32.sys
    0xA9DFC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA9E18000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xA9DEC000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xA9DDC000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xBA0A5000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xBA095000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA9E10000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xA9A3F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA7DC000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF773F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7A8C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xA7A1B000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA9C3B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBF6EC000 \SystemRoot\System32\ATMFD.DLL
    0xA75DE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79D5000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA7707000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0xA74AD000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA7365000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA71DE000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA7305000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA7099000 \SystemRoot\system32\drivers\kmixer.sys
    0xA6D1D000 \SystemRoot\system32\drivers\cfwids.sys
    0xBFF50000 \SystemRoot\System32\TSDDD.dll
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF061000 \SystemRoot\System32\ati2cqag.dll
    0xBF0E9000 \SystemRoot\System32\atikvmag.dll
    0xBF14F000 \SystemRoot\System32\atiok3x2.dll
    0xBF18F000 \SystemRoot\System32\ati3duag.dll
    0xBF4E6000 \SystemRoot\System32\ativvaxx.dll
    0xA681B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9F508000 \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\fwtyqpob.sys
    0xF79F3000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x9F4F2000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xA3F69000 \SystemRoot\system32\drivers\mfebopk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 80):
    0 System Idle Process
    4 System
    972 C:\WINDOWS\system32\smss.exe
    1056 csrss.exe
    1088 C:\WINDOWS\system32\winlogon.exe
    1136 C:\WINDOWS\system32\services.exe
    1148 C:\WINDOWS\system32\lsass.exe
    1308 C:\WINDOWS\system32\ati2evxx.exe
    1336 C:\WINDOWS\system32\svchost.exe
    1480 svchost.exe
    1620 C:\WINDOWS\system32\svchost.exe
    1680 svchost.exe
    1752 C:\WINDOWS\system32\ati2evxx.exe
    1880 svchost.exe
    308 C:\WINDOWS\system32\spoolsv.exe
    392 svchost.exe
    428 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    504 C:\WINDOWS\system32\svchost.exe
    524 C:\WINDOWS\system32\svchost.exe
    556 C:\WINDOWS\system32\svchost.exe
    568 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    740 D:\Program Files\Java\jre6\bin\jqs.exe
    760 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    860 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    996 C:\WINDOWS\system32\mfevtps.exe
    1012 C:\WINDOWS\system32\svchost.exe
    1028 C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    908 explorer.exe
    516 rundll32.exe
    456 C:\WINDOWS\system32\svchost.exe
    888 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    944 C:\WINDOWS\system32\svchost.exe
    1804 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2088 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2408 wmpnetwk.exe
    2628 SMax4PNP.exe
    2716 ACDaemon.exe
    2756 jusched.exe
    2904 ArcCon.ac
    3480 acrotray.exe
    3236 alg.exe
    2056 csrss.exe
    3784 C:\WINDOWS\system32\winlogon.exe
    2740 C:\WINDOWS\system32\ati2evxx.exe
    1212 explorer.exe
    1556 rundll32.exe
    3520 SMax4PNP.exe
    1768 ACDaemon.exe
    2076 jusched.exe
    2364 ctfmon.exe
    1892 acrotray.exe
    2000 ArcCon.ac
    5668 csrss.exe
    5696 C:\WINDOWS\system32\winlogon.exe
    5848 C:\WINDOWS\system32\ati2evxx.exe
    6096 explorer.exe
    6104 rundll32.exe
    4260 SMax4PNP.exe
    832 ACDaemon.exe
    3500 jusched.exe
    4444 ArcCon.ac
    4368 acrotray.exe
    5036 firefox.exe
    5828 plugin-container.exe
    1808 java.exe
    4188 csrss.exe
    800 C:\WINDOWS\system32\winlogon.exe
    5228 C:\WINDOWS\explorer.exe
    4208 mcagent.exe
    7272 C:\WINDOWS\system32\rundll32.exe
    7668 C:\Program Files\McAfee.com\Agent\mcagent.exe
    7120 mcagent.exe
    4272 mcagent.exe
    2564 C:\Program Files\McAfee\VirusScan\mcods.exe
    1896 OUTLOOK.EXE
    8776 C:\Documents and Settings\Admin\My Documents\Downloads\mynjl74u.exe
    6564 scrnsave.scr
    7368 D:\Program Files\Mozilla Firefox\firefox.exe
    9160 D:\Program Files\Mozilla Firefox\plugin-container.exe
    3696 C:\Documents and Settings\Admin\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (FAT32)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive3 Model Number: <error opening>
    PhysicalDrive0 Model Number: <error opening>
    PhysicalDrive1 Model Number: <error opening>
    PhysicalDrive4 Model Number: <error opening>
    PhysicalDrive2 Model Number: <error opening>

    Size Device Name MBR Status
    --------------------------------------------
    ERROR Opening: \\.\PhysicalDrive3 (32)
    ERROR Opening: \\.\PhysicalDrive0 (32)
    ERROR Opening: \\.\PhysicalDrive1 (32)
    ERROR Opening: \\.\PhysicalDrive4 (32)
    ERROR Opening: \\.\PhysicalDrive2 (32)


    Done!
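MBRCheck above could not open any of the five physical drives (Win32 error 32 is ERROR_SHARING_VIOLATION), so it reported no MBR status for them. As an added example, not part of the poster's log or of MBRCheck itself, the script below does the core of what such a check does once it has the sector: it validates the 55AA signature, walks the four partition entries, turns each start LBA into the byte offset that the `\\.\C: --> \\.\PhysicalDrive3 at offset 0x...7e00` lines report (0x7E00 is 63 sectors of 512 bytes), and compares a SHA-1 of the 440 bytes of boot code against a whitelist. The boot stub, partition table, disk signature and "known good" hash are all constructed for the example; a real check would hash the sector read from `\\.\PhysicalDriveN` and compare it against vendor-published hashes of standard boot code.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE = 0x1BE           # partition table offset inside the MBR
ENTRY = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0x05: "Extended", 0x0F: "Extended (LBA)"}

def build_mbr(bootcode, parts, disk_sig=0x0BADC0DE):
    """Assemble a 512-byte MBR from boot code (<= 440 bytes) and up to four
    (active, type, lba_start, sector_count) tuples. Used here only to construct test data."""
    if len(bootcode) > 440 or len(parts) > 4:
        raise ValueError("boot code is at most 440 bytes and the table holds 4 entries")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, 440, disk_sig)            # NT disk signature
    for i, (active, ptype, lba, count) in enumerate(parts):
        struct.pack_into(ENTRY, mbr, PART_TABLE + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def parse_mbr(mbr):
    """Validate the sector and return the boot-code hash, disk signature and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("boot signature 55AA missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue                                       # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02X}")
        parts.append({"index": i, "active": status == 0x80,
                      "type": TYPES.get(ptype, f"0x{ptype:02X}"),
                      "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR})        # what tools print as the volume offset
    return {"code_sha1": hashlib.sha1(mbr[:440]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
            "partitions": parts}

def volume_offset_matches(parsed, reported_offset):
    """Cross-check: does a partition start at the byte offset a tool printed for the volume?"""
    return any(p["byte_offset"] == reported_offset for p in parsed["partitions"])

def mbr_status(parsed, known_hashes):
    """'known' when the 440 bytes of boot code hash to a whitelisted value, else 'unknown'."""
    return "known" if parsed["code_sha1"] in known_hashes else "unknown"

# Constructed test data: a placeholder boot stub (jmp $) rather than real boot code, and
# one active NTFS partition starting at LBA 63, i.e. byte offset 63 * 512 = 0x7E00.
SAMPLE_BOOTCODE = b"\xEB\xFE".ljust(440, b"\x00")
KNOWN_GOOD = {hashlib.sha1(SAMPLE_BOOTCODE).hexdigest()}   # stands in for a vendor whitelist
SAMPLE_MBR = build_mbr(SAMPLE_BOOTCODE, [(True, 0x07, 63, 71303168)])
# Same partition table, different boot code: what a modified sector looks like to the check.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\x90" * 64, [(True, 0x07, 63, 71303168)])

if __name__ == "__main__":
    for name, sector in (("sample", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(name, mbr_status(info, KNOWN_GOOD), [hex(p["byte_offset"]) for p in info["partitions"]])
```

The point of hashing only the first 440 bytes is that the disk signature and partition table legitimately differ from machine to machine while standard boot code does not; a sector whose partition table still matches the volume offsets the OS reports but whose code hash is unknown is exactly the case an MBR check exists to surface.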
     
  7. 2011/02/13
    llsshopping
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume4
    Install Date: 6/25/2008 5:36:33 PM
    System Uptime: 2/8/2011 8:48:52 PM (101 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | P4P800SE
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | CPU 1 | 2398/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 34 GiB total, 13.376 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 4.242 GiB free.
    E: is FIXED (NTFS) - 149 GiB total, 4.728 GiB free.
    F: is FIXED (FAT32) - 373 GiB total, 223.151 GiB free.
    G: is Removable
    H: is FIXED (NTFS) - 596 GiB total, 525.668 GiB free.
    X: is NetworkDisk (NTFS) - 4 GiB total, 3.745 GiB free.
    Y: is CDROM (CDFS)
    Z: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: USB Media Adapter
    Device ID: USB\VID_07B4&PID_010A\5&3AD090D&0&1
    Manufacturer:
    Name: USB Media Adapter
    PNP Device ID: USB\VID_07B4&PID_010A\5&3AD090D&0&1
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    RP198: 2/1/2011 7:15:37 PM - System Checkpoint
    RP199: 2/3/2011 9:46:34 PM - System Checkpoint
    RP200: 2/6/2011 1:32:30 AM - System Checkpoint
    RP201: 2/7/2011 9:20:21 PM - Software Distribution Service 3.0
    RP202: 2/8/2011 6:56:18 PM - Software Distribution Service 3.0
    RP203: 2/9/2011 9:46:45 PM - System Checkpoint
    RP204: 2/11/2011 10:37:42 PM - System Checkpoint

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Standard
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.4.2
    Adobe Stock Photos 1.0
    AIO_Scan
    AnswerWorks 5.0 English Runtime
    Apple Software Update
    ArcSoft MediaImpression
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    BitPim 1.0.6
    BufferChm
    C7200
    C7200_Help
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CloneDVD2
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eBook: School Leaders Licensure Assessment Study Guide Revised 2009
    eSupportQFolder
    Fax
    ffdshow [rev 2693] [2009-02-16]
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Smart Web Printing
    HP Update
    Java Auto Updater
    Java(TM) 6 Update 23
    LGUsbDriver
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    McAfee AntiVirus Plus
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.2
    Microsoft IntelliType Pro 6.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MotionDV STUDIO 5.6E LE for DV
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NAVIGON Fresh 1.4.9
    Nero 6 Ultra Edition
    NetDeviceManager
    OCR Software by I.R.I.S. 10.0
    OLYMPUS Raw Codec
    OpenCASE Media Agent
    ORFshell v0.99 beta 8
    Panda ActiveScan 2.0
    Picasa 3
    PlayerLiteH 1.0.0.1.LH
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PureVoice
    QuickTime
    RAW Thumbnail Viewer
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SharpKeys
    Skins
    SmartWebPrintingOC
    Sony Sound Forge 7.0
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 8
    Toolbox
    TrueSwitch Wizard
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnjiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wnjiper
    TurboTax 2009 wrapper
    Tweak UI
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Verizon Online Help and Support
    Verizon Servicepoint 1.5.12
    Viper 1.5.00
    WebFldrs XP
    WebReg
    Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    2/9/2011 8:37:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HPSLPSVC service.
    2/8/2011 6:32:55 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    2/8/2011 6:31:57 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    2/8/2011 6:30:21 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    2/8/2011 6:29:50 PM, error: ati2mtag [45062] - CRT invalid display type
    2/8/2011 6:27:06 PM, error: DCOM [10001] - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "%233" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
    2/7/2011 9:40:50 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:40:47 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running.
    2/7/2011 9:40:47 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
    2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/7/2011 9:39:45 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Scanner service to connect.
    2/7/2011 9:39:45 PM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/7/2011 9:39:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MCODS with arguments " " in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
    2/7/2011 9:39:42 PM, error: Service Control Manager [7034] - The OpenCASE Media Agent service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:42 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:41 PM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:40 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:39 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    2/7/2011 9:39:39 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Admin at 1:27:55.37 on Sun 02/13/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1179 [GMT -5:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Documents and Settings\Admin\My Documents\Downloads\mynjl74u.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Admin\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101224115245.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - d:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://69.3.198.64:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://69.3.198.64:100/VideoViewer.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\6nmyrlwn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npgcplug.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-24 386840]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-24 84072]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-8 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-24 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-24 271480]
    R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-24 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-24 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-24 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-24 141792]
    R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-24 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-24 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-24 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-24 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-24 88544]
    S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2009-1-2 43024]
    S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2009-1-2 77104]
    S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2009-1-2 60816]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-24 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-24 84264]

    =============== Created Last 30 ================

    2011-02-12 03:01:55 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

    ============= FINISH: 1:29:17.29 ===============


    Done posting.

    Thank you
     
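The Event Viewer extract above is easier to read once the Service Control Manager noise is grouped: several McAfee services, plus unrelated ones (Java Quick Starter, SoundMAX, ArcSoft), all "terminated unexpectedly" within a few seconds of each other at 9:39 PM on 2/7. A burst like that looks the same whether the machine crashed, was hard-reset, or something killed the security stack, so a triage script should only flag the cluster and name which security services were in it, not draw the conclusion. The script below is an added example for this thread, not a tool anyone in it used; the sample lines are constructed to mirror the DDS attach.txt format shown above, and the SECURITY_HINTS substrings are an assumption, not a vendor list.

```python
"""Group SCM 'terminated unexpectedly' events from a DDS-style Event Viewer extract.

Added example, not a tool from the thread. SAMPLE_LINES are constructed to
mirror the entries in the log above; SECURITY_HINTS is an assumed list.
"""
import re
from datetime import datetime, timedelta

# DDS attach.txt prints each event as:
#   "M/D/YYYY H:MM:SS AM, error: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# SCM 7031 (with restart action) and 7034 (no action) both open with this sentence
TERM_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
# Assumed substrings that identify the security product's own services
SECURITY_HINTS = ("McAfee", "McShield", "Firewall", "Scanner", "Validation Trust")

SAMPLE_LINES = """\
2/8/2011 6:32:55 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/8/2011 6:30:21 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
2/7/2011 9:40:50 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/7/2011 9:39:47 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/7/2011 9:39:45 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 9:39:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 9:39:42 PM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
""".splitlines()


def parse_line(line):
    """Return {ts, source, eid, msg} for one DDS event line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return {"ts": ts, "source": m["source"], "eid": int(m["eid"]), "msg": m["msg"]}


def service_terminations(lines):
    """Collect (timestamp, service name) for every SCM 7031/7034 'terminated unexpectedly' event."""
    found = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["source"] != "Service Control Manager":
            continue
        if ev["eid"] not in (7031, 7034):
            continue
        t = TERM_RE.match(ev["msg"])
        if t:
            found.append((ev["ts"], t["svc"]))
    return found


def find_bursts(terminations, window=timedelta(seconds=30), min_count=3):
    """Return [(first_ts, last_ts, [services])] for groups of >= min_count deaths
    that all fall within `window` of the group's first event."""
    evs = sorted(terminations)
    bursts = []
    i = 0
    while i < len(evs):
        j = i
        while j + 1 < len(evs) and evs[j + 1][0] - evs[i][0] <= window:
            j += 1
        group = evs[i:j + 1]
        if len(group) >= min_count:
            bursts.append((group[0][0], group[-1][0], [svc for _, svc in group]))
            i = j + 1
        else:
            i += 1
    return bursts


def security_services_in(burst):
    """Names from a burst that match one of the assumed security-product hints."""
    return [svc for svc in burst[2] if any(h in svc for h in SECURITY_HINTS)]


if __name__ == "__main__":
    for first, last, svcs in find_bursts(service_terminations(SAMPLE_LINES)):
        sec = security_services_in((first, last, svcs))
        print(f"{first:%Y-%m-%d %H:%M:%S} .. {last:%H:%M:%S}: {len(svcs)} services died, "
              f"{len(sec)} of them security-related: {sec}")
```

On a real attach.txt, paste the whole "Event Viewer Messages From Past Week" block in place of SAMPLE_LINES. The 30-second window and minimum of three are starting points; widen the window if the log shows services restarting in slow motion, and check the System log's 6006/6008 shutdown events around the same minute before reading anything into a burst.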
  8. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/02/13
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive3 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    34 GB \\.\PhysicalDrive3 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    ComboFix 11-02-12.02 - Admin 02/13/2011 14:03:01.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1121 [GMT -5:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
    .

    2011-02-12 03:01 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-02-12 03:01 . 2011-02-12 03:01 -------- d-----w- c:\windows\LastGood
    2011-02-03 00:51 . 2011-02-03 00:52 -------- d-----w- c:\documents and settings\Bella\Local Settings\Application Data\Adobe
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-12 04:30 . 2010-10-16 03:30 664 ----a-w- c:\documents and settings\Lance\Local Settings\Application Data\d3d9caps.tmp
    2011-02-03 16:29 . 2010-01-28 16:29 664 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\d3d9caps.tmp
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:09 . 2009-08-22 03:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:08 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 23:08 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:08 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-12-20 23:08 . 2009-08-22 03:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2004-08-04 12:00 2192768 ------w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12 . 2008-06-25 21:31 81920 ----a-w- c:\windows\system32\isign32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
    "QuickTime Task "= "d:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher "= "d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - d:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 01:17 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 20:31 80896 ----a-w- d:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2007-08-31 16:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2007-08-31 16:13 988584 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- d:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2007-05-11 20:20 2061816 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2007-09-28 18:30 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58327:TCP "= 58327:TCP:pandoRest Listening Port

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/24/2010 11:52 AM 84072]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/8/2009 4:54 PM 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/24/2010 11:51 AM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/24/2010 11:51 AM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/24/2010 11:53 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/24/2010 11:52 AM 141792]
    R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 4:29 PM 835208]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/24/2010 11:52 AM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/24/2010 11:52 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/24/2010 11:52 AM 88544]
    S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [1/2/2009 10:57 PM 43024]
    S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [1/2/2009 10:57 PM 77104]
    S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [1/2/2009 10:57 PM 60816]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/24/2010 11:52 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/24/2010 11:52 AM 84264]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - fwtyqpob
    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://69.3.198.64:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://69.3.198.64:100/VideoViewer.cab
    DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\6nmyrlwn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-13 14:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1088)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'winlogon.exe'(3784)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'winlogon.exe'(5696)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'winlogon.exe'(800)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(9864)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'explorer.exe'(960)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'explorer.exe'(9560)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-02-13 14:17:28
    ComboFix-quarantined-files.txt 2011-02-13 19:17

    Pre-Run: 14,278,127,616 bytes free
    Post-Run: 14,387,486,720 bytes free

    - - End Of File - - 4C407384AFD897638449A06EBB46B75D


    Thank you.
     
  10. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000


    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
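As an added example (not part of this thread, nor of ComboFix or its CFScript), the Python script below parses the REGEDIT4-style "Reg Loading Points" section of a ComboFix log and reports the Security Center monitoring and firewall-policy settings the CFScript above resets. The sample text is constructed from values quoted in the thread's first log, and the list of settings it checks is this example's own; run on the "before" values and on the values the CFScript writes, it shows the monitoring findings clearing while the open-port entry remains for the analyst to judge.

```python
"""Audit the REGEDIT4-style 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the thread or of ComboFix.  It parses the
[key] / "name"=value lines ComboFix prints and flags the Security Center
monitoring and firewall-policy settings the thread acts on.
"""
import re
from typing import Dict, List, Optional

# Constructed sample, using the values quoted in the thread's first log.
BEFORE = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"58327:TCP"= 58327:TCP:pandoRest Listening Port
"""

# The same section as it should read once the CFScript has reset both values (constructed).
AFTER = BEFORE.replace("dword:00000001", "dword:00000000")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# ComboFix abbreviates HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet as HKLM\~.
# Paths are compared lower-cased; the check list below is this example's own.
MONITORING_PREFIX = "hkey_local_machine\\software\\microsoft\\security center\\monitoring\\"
FIREWALL_POLICY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
OPEN_PORTS = FIREWALL_POLICY + r"\globallyopenports\list"


def parse_reg_section(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_value}}; key paths keep their case."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2).strip()
    return keys


def dword(raw: str) -> Optional[int]:
    """Decode the two numeric forms ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def audit(text: str) -> List[str]:
    """Return human-readable findings for the settings worth a second look."""
    findings: List[str] = []
    for path, values in parse_reg_section(text).items():
        low = path.lower()
        if low.startswith(MONITORING_PREFIX):
            # DisableMonitoring=1 hides the product's state from Security Center.
            product = path[len(MONITORING_PREFIX):]
            if dword(values.get("DisableMonitoring", "")) == 1:
                findings.append(f"Security Center monitoring disabled for {product}")
        elif low == FIREWALL_POLICY:
            if dword(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall off in standard profile "
                                "(expected when a third-party firewall is in charge)")
        elif low == OPEN_PORTS:
            # Every globally open port is listed; the analyst decides if it belongs.
            for name, raw in values.items():
                findings.append(f"Globally open port {name}: {raw}")
    return findings


if __name__ == "__main__":
    for label, sample in (("before CFScript", BEFORE), ("after CFScript", AFTER)):
        print(f"== {label} ==")
        for finding in audit(sample) or ["no findings"]:
            print(" -", finding)
```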
     
  11. 2011/02/13
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    ComboFix 11-02-12.02 - Admin 02/13/2011 18:49:01.7.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1517 [GMT -5:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
    .

    2011-02-12 03:01 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-02-03 00:51 . 2011-02-03 00:52 -------- d-----w- c:\documents and settings\Bella\Local Settings\Application Data\Adobe
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-12 04:30 . 2010-10-16 03:30 664 ----a-w- c:\documents and settings\Lance\Local Settings\Application Data\d3d9caps.tmp
    2011-02-03 16:29 . 2010-01-28 16:29 664 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\d3d9caps.tmp
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:09 . 2009-08-22 03:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:08 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 23:08 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:08 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-12-20 23:08 . 2009-08-22 03:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2004-08-04 12:00 2192768 ------w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12 . 2008-06-25 21:31 81920 ----a-w- c:\windows\system32\isign32.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-13_19.12.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-13 22:50 . 2011-02-13 22:50 16384 c:\windows\Temp\Perflib_Perfdata_2ec.dat
    + 2008-06-25 21:48 . 2011-02-13 22:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-06-25 21:48 . 2011-02-13 11:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-09-24 07:01 . 2011-02-13 22:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-09-24 07:01 . 2011-02-13 11:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
    "QuickTime Task "= "d:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher "= "d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - d:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 01:17 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 20:31 80896 ----a-w- d:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2007-08-31 16:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2007-08-31 16:13 988584 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- d:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2007-05-11 20:20 2061816 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2007-09-28 18:30 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58327:TCP "= 58327:TCP:pandoRest Listening Port

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/11/2011 10:01 PM 28552]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/24/2010 11:52 AM 84072]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/8/2009 4:54 PM 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/24/2010 11:51 AM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/24/2010 11:51 AM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/24/2010 11:53 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/24/2010 11:52 AM 141792]
    R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 4:29 PM 835208]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/24/2010 11:52 AM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/24/2010 11:52 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/24/2010 11:52 AM 88544]
    S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [1/2/2009 10:57 PM 43024]
    S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [1/2/2009 10:57 PM 77104]
    S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [1/2/2009 10:57 PM 60816]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/24/2010 11:52 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/24/2010 11:52 AM 84264]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://69.3.198.64:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://69.3.198.64:100/VideoViewer.cab
    DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\6nmyrlwn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-13 18:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1088)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'winlogon.exe'(3828)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(6024)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'explorer.exe'(6116)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-02-13 18:58:15
    ComboFix-quarantined-files.txt 2011-02-13 23:58
    ComboFix2.txt 2011-02-13 19:17

    Pre-Run: 14,414,270,464 bytes free
    Post-Run: 14,397,374,464 bytes free

    - - End Of File - - DA7D64BB43BD74ADE893D6A9FA698705
     
  12. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2011/02/13
    llsshopping

    llsshopping Inactive Thread Starter

    OTL logfile created on: 2/13/2011 10:40:17 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.46 Gb Total Space | 13.46 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 4.24 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
    Drive E: | 149.04 Gb Total Space | 4.73 Gb Free Space | 3.17% Space Free | Partition Type: NTFS
    Drive F: | 372.51 Gb Total Space | 223.15 Gb Free Space | 59.90% Space Free | Partition Type: FAT32
    Drive H: | 596.17 Gb Total Space | 525.67 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
    Drive Y: | 30.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: landlhome | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/11/22 18:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/03/24 12:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/08/29 16:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    PRC - [2008/04/13 19:12:43 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scrnsave.scr
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    PRC - [2003/05/29 15:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/08/29 16:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
    SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/06/25 22:16:04 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2008/06/03 01:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/05/20 09:01:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 13:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/01 20:11:43 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2005/01/01 20:07:05 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2002/10/15 15:07:30 | 000,060,816 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatserd.sys -- (lgatserd) LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)
    DRV - [2002/10/15 15:05:38 | 000,077,104 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatmdm.sys -- (lgatmdm)
    DRV - [2002/10/15 15:03:34 | 000,043,024 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatbus.sys -- (lgatbus) LG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1202660629-362288127-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1202660629-362288127-725345543-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1202660629-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1202660629-362288127-725345543-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1202660629-362288127-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/08 18:29:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/12/29 18:01:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/02/08 18:56:10 | 000,000,000 | ---D | M]

    [2010/03/12 20:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2011/02/13 21:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\6nmyrlwn.default\extensions
    [2010/10/17 07:21:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\6nmyrlwn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/08 18:29:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2010/01/02 14:11:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/05/18 00:58:11 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2010/01/02 14:11:27 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/01/27 20:21:06 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    [2010/09/24 18:38:08 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/16 18:07:20 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/07 21:23:55 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    O1 HOSTS File: ([2010/03/14 14:24:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101224115245.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKU\S-1-5-21-1202660629-362288127-725345543-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKU\S-1-5-21-1202660629-362288127-725345543-1004..\Run: [vfuymohu] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1202660629-362288127-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1202660629-362288127-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1202660629-362288127-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1202660629-362288127-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1202660629-362288127-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1202660629-362288127-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O15 - HKU\S-1-5-21-1202660629-362288127-725345543-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://69.3.198.64:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://69.3.198.64:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/25 16:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/03/05 09:43:24 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
    O32 - AutoRun File - [2007/10/31 16:15:16 | 000,000,215 | R--- | M] () - Y:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DVSD - pdvcodec.dll File not found
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/13 22:38:02 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2011/02/13 17:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/02/13 14:00:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/13 14:00:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/13 14:00:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/13 14:00:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/13 13:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/13 13:52:20 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Admin\Desktop\remover.exe
    [2011/02/11 22:01:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2011/02/13 17:49:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/13 13:55:17 | 004,267,346 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2011/02/13 13:50:07 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\bootkit_remover.rar
    [2011/02/10 20:11:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/08 20:49:12 | 000,454,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/02/08 19:03:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/02/08 18:56:11 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2011/02/13 14:00:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/13 14:00:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/13 14:00:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/13 14:00:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/13 14:00:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/13 13:55:14 | 004,267,346 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2011/02/13 13:50:07 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\bootkit_remover.rar
    [2011/02/08 18:56:11 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/07 21:03:00 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
    [2010/05/15 19:24:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
    [2010/02/14 14:07:04 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\dumpexif.ini
    [2010/01/27 20:12:45 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/01/27 20:12:35 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/27 17:53:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
    [2009/07/20 20:05:10 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/12/22 15:43:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2008/09/02 22:17:48 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/05 22:22:32 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/27 20:43:49 | 000,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.INI
    [2008/06/27 15:54:44 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/06/27 00:34:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/27 00:04:12 | 000,000,190 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/06/25 12:24:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/10/11 07:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Catalina Marketing Corp
    [2011/01/05 20:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
    [2010/12/19 22:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Publish Providers
    [2010/12/19 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sony
    [2010/02/14 14:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SquirrelWare
    [2010/05/30 07:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SquirrelWare
    [2008/10/27 21:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
    [2010/05/16 12:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2008/12/11 22:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    [2009/10/26 20:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2010/11/14 20:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
    [2009/04/21 21:46:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{964C8871-6315-4FC5-8A47-F4C420428929}
    [2010/12/08 19:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bella\Application Data\SquirrelWare
    [2009/11/11 21:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\E-centives
    [2008/07/22 22:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Elaborate Bytes
    [2008/12/11 22:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\GlobalSCAPE
    [2008/08/17 22:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\ICAClient
    [2010/08/13 23:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Opera
    [2009/01/18 08:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Publish Providers
    [2008/07/22 22:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\SlySoft
    [2008/08/24 11:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Sony
    [2010/02/14 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\SquirrelWare
    [2008/11/08 00:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\TrueSwitch
    [2011/01/05 19:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GetRightToGo
    [2008/11/20 21:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ICAClient
    [2009/08/08 22:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Publish Providers
    [2009/08/08 22:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sony
    [2010/03/13 07:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SquirrelWare
    [2008/08/30 20:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Viewpoint
    [2009/11/29 14:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/06/25 16:34:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/09 18:27:06 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
    [2010/05/30 07:16:18 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/02/13 18:58:16 | 000,014,692 | ---- | M] () -- C:\ComboFix.txt
    [2008/06/25 16:34:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/05 21:55:22 | 000,000,090 | ---- | M] () -- C:\error.log
    [2008/06/26 23:41:46 | 209,715,200 | -HS- | M] () -- C:\gobackio.bin
    [2008/06/25 16:34:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/08 19:11:47 | 000,019,197 | ---- | M] () -- C:\JavaRa.log
    [2008/06/25 16:34:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/11/08 00:18:01 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/25 17:19:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/13 17:49:33 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/06/25 16:33:45 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2004/03/22 14:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/06/25 12:21:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/06/25 12:21:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/06/25 12:21:06 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/06/25 17:22:59 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/08 22:18:32 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/01/04 23:25:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/13 13:55:17 | 004,267,346 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2010/08/09 13:51:12 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Admin\Desktop\JavaRa.exe
    [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Admin\Desktop\remover.exe
    [2010/05/07 18:29:21 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/08 22:18:25 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Admin\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/06/26 00:07:44 | 000,002,518 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/02/13 19:02:26 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Admin\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0
    "AUOptions" = 2
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "UseWUServer" = 0
    "NoAutoRebootWithLoggedOnUsers" = 1
    "AutoInstallMinorUpdates" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  14. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You posted OTL.txt twice.
    I still need Extras.txt.
     
  15. 2011/02/13
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    I edited the duplicate and it appeared to be there, but I must have made a mistake. Sorry.

    OTL Extras logfile created on: 2/13/2011 10:40:17 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.46 Gb Total Space | 13.46 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 4.24 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
    Drive E: | 149.04 Gb Total Space | 4.73 Gb Free Space | 3.17% Space Free | Partition Type: NTFS
    Drive F: | 372.51 Gb Total Space | 223.15 Gb Free Space | 59.90% Space Free | Partition Type: FAT32
    Drive H: | 596.17 Gb Total Space | 525.67 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
    Drive Y: | 30.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: landlhome | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1202660629-362288127-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1202660629-362288127-725345543-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "58327:TCP" = 58327:TCP:*:Enabled:pandoRest Listening Port
    "9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe" = C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:pandoRest Application Name -- ()
    "D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{09404F93-8684-4401-ACEA-325BBB7EAA2C}_is1" = PlayerLiteH 1.0.0.1.LH
    "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
    "{0E70CFA6-93E3-453F-B47C-855196C2589E}" = Logitech Harmony Remote Software 7
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}" = CCC Help English
    "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
    "{16FE2579-06B2-3E32-58F2-4B70B69A3070}" = ccc-core-preinstall
    "{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
    "{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1EB21F28-E3AF-A317-4658-6C0C455C2F61}" = Catalyst Control Center Core Implementation
    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2F24C126-AA5F-486E-B842-552918B2354E}" = eBook: School Leaders Licensure Assessment Study Guide Revised 2009
    "{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{46D9C523-FABB-FFF1-321D-F493A68E2C3E}" = Catalyst Control Center Graphics Previews Common
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}" = PureVoice
    "{57D32909-FCA8-A78B-2AD2-2A50F5E11858}" = ccc-core-static
    "{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}" = Catalyst Control Center Graphics Light
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}" = OLYMPUS Raw Codec
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B629F70-BE1D-456E-AA97-73619020E7A1}" = Sony Sound Forge 7.0
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{923CAE62-30C9-425E-B4ED-F5E9C09C5C4A}" = TurboTax 2008 wnjiper
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
    "{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
    "{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
    "{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B6685367-A8AD-4414-A2A3-10B40EC5CF30}" = SharpKeys
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
    "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
    "{CAEF3BE9-F5CF-4355-BBC3-90134AD070F8}" = RAW Thumbnail Viewer
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
    "{DE31F8AA-B12D-3A38-E561-C657EED45465}" = Catalyst Control Center Graphics Full Existing
    "{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}" = ccc-utility
    "{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}" = Skins
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EB866374-B705-4749-83D9-997AC77146B3}" = LGUsbDriver
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F251B61F-9D18-13C4-02EE-71A36343D442}" = Catalyst Control Center Graphics Full New
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
    "1A6754C019F3AE544C346226BB63AC9BC7DACCDE" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner
    "CloneDVD2" = CloneDVD2
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "ffdshow_is1" = ffdshow [rev 2693] [2009-02-16]
    "HijackThis" = HijackThis 2.0.2
    "HP Smart Web Printing" = HP Smart Web Printing
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSC" = McAfee AntiVirus Plus
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NAVIGON Fresh" = NAVIGON Fresh 1.4.9
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ORFshell_is1" = ORFshell v0.99 beta 8
    "Picasa 3" = Picasa 3
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
    "TrueSwitch Wizard" = TrueSwitch Wizard
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "Tweak UI 2.10" = Tweak UI
    "Verizon Online Help and Support" = Verizon Online Help and Support
    "Viper" = Viper 1.5.00
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1202660629-362288127-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/8/2011 8:10:33 PM | Computer Name = landlhome | Source = Application Hang | ID = 1001
    Description = Fault bucket 1987855645.

    Error - 2/8/2011 8:10:33 PM | Computer Name = landlhome | Source = Application Hang | ID = 1001
    Description = Fault bucket 1987855645.

    Error - 2/10/2011 9:07:24 PM | Computer Name = landlhome | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.6568.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/10/2011 9:08:55 PM | Computer Name = landlhome | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.6568.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/10/2011 9:09:21 PM | Computer Name = landlhome | Source = Application Hang | ID = 1001
    Description = Fault bucket 216392537.

    Error - 2/11/2011 12:57:51 AM | Computer Name = landlhome | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 2/11/2011 12:57:51 AM | Computer Name = landlhome | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 2/11/2011 12:57:51 AM | Computer Name = landlhome | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 2/11/2011 12:57:52 AM | Computer Name = landlhome | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 2/11/2011 12:57:52 AM | Computer Name = landlhome | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    [ System Events ]
    Error - 2/13/2011 6:50:13 PM | Computer Name = landlhome | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 2/13/2011 6:52:10 PM | Computer Name = landlhome | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 2/13/2011 6:53:22 PM | Computer Name = landlhome | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 2/13/2011 7:06:24 PM | Computer Name = landlhome | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 2/13/2011 7:43:07 PM | Computer Name = landlhome | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 2/13/2011 7:45:13 PM | Computer Name = landlhome | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 2/13/2011 7:45:28 PM | Computer Name = landlhome | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2/13/2011 7:47:56 PM | Computer Name = landlhome | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 2/13/2011 7:48:17 PM | Computer Name = landlhome | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2/13/2011 7:52:56 PM | Computer Name = landlhome | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >

    Thank you
     
  16. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKU\S-1-5-21-1202660629-362288127-725345543-1004..\Run: [vfuymohu] File not found
      [2010/05/16 12:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
      [2008/08/30 20:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
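    As an added illustration (not OTL's code and not posted in this thread), a small Python helper that applies to OTL scan-log lines the same three checks an analyst makes by eye: an autostart (O4) entry whose target reads "File not found" (the orphaned [vfuymohu] Run value handled in the fix above), a PRC/SRV/DRV entry with an empty company-name field, and an O16 DPF ActiveX download hosted on a bare IP address. The sample lines are copied from the logs posted in this thread; the function, class and check names are assumptions of this example.

```python
"""Triage helper for OTL scan-log lines (example code written for this
thread; not part of OTL and not from the original posts).

Checks performed, each a "look again" signal rather than a verdict:
  * orphaned-autostart : O4 entry whose target is "File not found"
  * no-company-name    : PRC/SRV/DRV entry whose company field is "()"
  * dpf-from-bare-ip   : O16 DPF entry whose download host is a bare IPv4
"""
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import urlparse

# O4 - <registry key> [<value name>] <target>
O4_RE = re.compile(r"^O4 - (?P<key>\S+)\s+\[(?P<name>[^\]]+)\]\s+(?P<target>.*)$")
# PRC/SRV/DRV - [date | size | attrs | M] (<company>) <state/path/service>
BIN_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\]\s+\((?P<company>[^)]*)\)\s+(?P<rest>.*)$"
)
# O16 - DPF: {CLSID} <url, may contain spaces> (<control name>)
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})\s+(?P<url>.*?)\s+\([^)]*\)$")
BARE_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Finding:
    check: str   # one of the check names listed in the module docstring
    line: str    # the OTL line that triggered it, whitespace-stripped


def triage_otl_lines(lines: Iterable[str]) -> List[Finding]:
    """Return findings in log order; lines that match no check are skipped."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # An autostart whose file is gone is a leftover of something that
            # was removed (or moved); it is cleaned up, as the fix above does.
            if "File not found" in m.group("target"):
                findings.append(Finding("orphaned-autostart", line))
            continue
        m = BIN_RE.match(line)
        if m:
            # OTL's company-name whitelist cannot vouch for a binary with no
            # company string, so these entries deserve a manual look.
            if m.group("company").strip() == "":
                findings.append(Finding("no-company-name", line))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if BARE_IPV4_RE.match(host):
                findings.append(Finding("dpf-from-bare-ip", line))
    return findings


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-1202660629-362288127-725345543-1004..\Run: [vfuymohu] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://69.3.198.64:100/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_otl_lines(SAMPLE_LOG):
        print(f"{f.check:20s} {f.line}")
```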
     
  17. 2011/02/13
    llsshopping

    llsshopping Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1202660629-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\vfuymohu deleted successfully.
    C:\Documents and Settings\All Users\Application Data\F-Secure\Daas2\cert folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\F-Secure\Daas2 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\F-Secure folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\Lisa\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 1563 bytes
    ->Temporary Internet Files folder emptied: 207363 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 72006293 bytes
    ->Flash cache emptied: 2030 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Bella
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 5400 bytes
    ->FireFox cache emptied: 47790629 bytes
    ->Flash cache emptied: 961 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lance
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 108459575 bytes
    ->Flash cache emptied: 2613 bytes

    User: Lisa
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 415954 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 86239193 bytes
    ->Flash cache emptied: 3138 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 41985 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 301.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Bella
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Lance
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02132011_231207

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\HPSLPS000.log moved successfully.

    Registry entries deleted on Reboot...

    OTL logfile created on: 2/13/2011 11:16:26 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.46 Gb Total Space | 13.70 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 4.24 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
    Drive E: | 149.04 Gb Total Space | 4.73 Gb Free Space | 3.17% Space Free | Partition Type: NTFS
    Drive F: | 372.51 Gb Total Space | 223.15 Gb Free Space | 59.90% Space Free | Partition Type: FAT32
    Drive H: | 596.17 Gb Total Space | 525.67 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
    Drive Y: | 30.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: landlhome | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/11/22 18:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/03/24 12:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/08/29 16:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    PRC - [2003/05/29 15:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/08/29 16:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
    SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/06/25 22:16:04 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2008/06/03 01:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/05/20 09:01:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 13:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/01 20:11:43 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2005/01/01 20:07:05 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2002/10/15 15:07:30 | 000,060,816 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatserd.sys -- (lgatserd) LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)
    DRV - [2002/10/15 15:05:38 | 000,077,104 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatmdm.sys -- (lgatmdm)
    DRV - [2002/10/15 15:03:34 | 000,043,024 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatbus.sys -- (lgatbus) LG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/08 18:29:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/12/29 18:01:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/02/08 18:56:10 | 000,000,000 | ---D | M]

    [2010/03/12 20:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2011/02/13 21:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\6nmyrlwn.default\extensions
    [2010/10/17 07:21:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\6nmyrlwn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/08 18:29:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2010/01/02 14:11:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/05/18 00:58:11 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2010/01/02 14:11:27 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/01/27 20:21:06 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    [2010/09/24 18:38:08 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/16 18:07:20 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/07 21:23:55 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    O1 HOSTS File: ([2010/03/14 14:24:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101224115245.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://69.3.198.64:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://69.3.198.64:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/25 16:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/03/05 09:43:24 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
    O32 - AutoRun File - [2007/10/31 16:15:16 | 000,000,215 | R--- | M] () - Y:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/13 23:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/02/13 23:12:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/02/13 23:12:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/02/13 22:38:02 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2011/02/13 14:00:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/13 14:00:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/13 14:00:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/13 14:00:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/13 13:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/13 13:52:20 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Admin\Desktop\remover.exe
    [2011/02/11 22:01:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/02/13 23:14:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/13 22:38:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2011/02/13 13:55:17 | 004,267,346 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2011/02/13 13:50:07 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\bootkit_remover.rar
    [2011/02/10 20:11:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/08 20:49:12 | 000,454,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/02/08 19:03:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/02/08 18:56:11 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2011/02/13 14:00:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/13 14:00:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/13 14:00:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/13 14:00:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/13 14:00:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/13 13:55:14 | 004,267,346 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2011/02/13 13:50:07 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\bootkit_remover.rar
    [2011/02/08 18:56:11 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/07 21:03:00 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
    [2010/05/15 19:24:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
    [2010/02/14 14:07:04 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\dumpexif.ini
    [2010/01/27 20:12:45 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/01/27 20:12:35 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/27 17:53:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
    [2009/07/20 20:05:10 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/12/22 15:43:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2008/09/02 22:17:48 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/05 22:22:32 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/27 20:43:49 | 000,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.INI
    [2008/06/27 15:54:44 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/06/27 00:34:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/27 00:04:12 | 000,000,190 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/06/25 12:24:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/10/11 07:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Catalina Marketing Corp
    [2011/01/05 20:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
    [2010/12/19 22:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Publish Providers
    [2010/12/19 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sony
    [2010/02/14 14:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SquirrelWare
    [2008/10/27 21:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
    [2008/12/11 22:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    [2009/10/26 20:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2010/11/14 20:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
    [2009/04/21 21:46:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{964C8871-6315-4FC5-8A47-F4C420428929}

    ========== Purity Check ==========


    < End of report >

    Thank you
     
  18. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. 2011/02/14
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee AntiVirus Plus
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  20. 2011/02/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UN-check the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  21. 2011/02/14
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    Adobe has been updated.

    Thank you
     