Solved Redirect on all browsers

[Resolved] Redirect on all browsers

Hi,I am having the redirect issue on both IE and Firefox and was hoping you could help,I have read the rules and here are the reports needed to get started.

Thanks in advance Jim

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5567

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/21/2011 7:47:42 PM
mbam-log-2011-01-21 (19-47-42).txt

Scan type: Quick scan
Objects scanned: 155776
Time elapsed: 23 minute(s), 42 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
c:\WINDOWS\Gfujya.exe (Trojan.FakeAlert) -> 5812 -> Unloaded process successfully.
c:\Users\JIM\AppData\Local\Temp\Gcd.exe (Trojan.FakeAlert) -> 6280 -> Unloaded process successfully.
c:\Users\JIM\AppData\Local\Temp\Gce.exe (Trojan.FakeAlert) -> 968 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.IRCBot) -> Value: Windows Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kcalemun (Rogue.AntivirusSuite.Gen) -> Value: kcalemun -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wfkoqalg (Rogue.AntivirusSuite.Gen) -> Value: wfkoqalg -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Gfujya.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\JIM\AppData\Local\Temp\Gcd.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\Users\JIM\AppData\Local\Temp\Gce.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\Users\JIM\AppData\Local\Temp\Gcc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


GMER 1.0.15.15565 - http://www.gmer.net
Rootkit scan 2011-03-20 04:25:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HM121HI rev.LZ100-10
Running: kukuj87i.exe; Driver: C:\Users\JIM\AppData\Local\Temp\kwloikow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x807B70B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x807B70E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x807B70CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x807B70A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82038982 5 Bytes JMP 807B70A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E80A340, 0x3ED9C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 019A0FEF
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 019A0FC3
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 019A0FD4
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 01990F2F
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 0199006B
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 019900B5
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 01990F1E
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 01990F80
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 0199002C
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 0199003D
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 01990F40
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 0199005A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 01990FAC
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 01990F9B
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 01990FC7
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 01990F5B
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 019900D0
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 0199001B
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 01990000
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 0199009A
.text C:\Windows\system32\svchost.exe[460] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 01AF0F8D
.text C:\Windows\system32\svchost.exe[460] msvcrt.dll!system 762B804B 5 Bytes JMP 01AF0022
.text C:\Windows\system32\svchost.exe[460] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 01AF0000
.text C:\Windows\system32\svchost.exe[460] msvcrt.dll!_open 762BD106 5 Bytes JMP 01AF0FEF
.text C:\Windows\system32\svchost.exe[460] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 01AF0011
.text C:\Windows\system32\svchost.exe[460] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 01AF0FD2
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 0194002F
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 01940FA8
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 01940000
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 01940F8D
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 01940054
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 01940FCA
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 01940FEF
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 01940FB9
.text C:\Windows\system32\svchost.exe[460] WS2_32.dll!socket 77C236D1 5 Bytes JMP 01B00000
.text C:\Windows\Explorer.EXE[700] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 035A0FEF
.text C:\Windows\Explorer.EXE[700] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 035A0FDE
.text C:\Windows\Explorer.EXE[700] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 035A0014
.text C:\Windows\Explorer.EXE[700] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 0358009D
.text C:\Windows\Explorer.EXE[700] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 03580F57
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 035800D3
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 035800B8
.text C:\Windows\Explorer.EXE[700] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 03580F8D
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 0358001B
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 0358002C
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 03580082
.text C:\Windows\Explorer.EXE[700] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 03580F9E
.text C:\Windows\Explorer.EXE[700] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 03580051
.text C:\Windows\Explorer.EXE[700] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 03580FAF
.text C:\Windows\Explorer.EXE[700] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 03580FCA
.text C:\Windows\Explorer.EXE[700] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 03580F72
.text C:\Windows\Explorer.EXE[700] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 03580F21
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 0358000A
.text C:\Windows\Explorer.EXE[700] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 03580FEF
.text C:\Windows\Explorer.EXE[700] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 03580F3C
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 03570FB6
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 0357004E
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 03570000
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 03570FC7
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 03570F9B
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 0357002C
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 03570011
.text C:\Windows\Explorer.EXE[700] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 0357003D
.text C:\Windows\Explorer.EXE[700] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 03BE0F86
.text C:\Windows\Explorer.EXE[700] msvcrt.dll!system 762B804B 5 Bytes JMP 03BE001B
.text C:\Windows\Explorer.EXE[700] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 03BE000A
.text C:\Windows\Explorer.EXE[700] msvcrt.dll!_open 762BD106 5 Bytes JMP 03BE0FE3
.text C:\Windows\Explorer.EXE[700] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 03BE0FB5
.text C:\Windows\Explorer.EXE[700] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 03BE0FD2
.text C:\Windows\Explorer.EXE[700] WS2_32.dll!socket 77C236D1 5 Bytes JMP 03BD0000
.text C:\Windows\Explorer.EXE[700] WININET.dll!InternetOpenA 7765D690 5 Bytes JMP 03590FEF
.text C:\Windows\Explorer.EXE[700] WININET.dll!InternetOpenW 7765DB09 5 Bytes JMP 0359000A
.text C:\Windows\Explorer.EXE[700] WININET.dll!InternetOpenUrlA 7765F3A4 5 Bytes JMP 03590FD4
.text C:\Windows\Explorer.EXE[700] WININET.dll!InternetOpenUrlW 776A6D77 5 Bytes JMP 03590FAF
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 001F0FCA
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 001F000A
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 001E00AE
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 001E0F68
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 001E0F2B
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 001E0F3C
.text C:\Windows\system32\services.exe[820] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 001E0F83
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 001E0025
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 001E0036
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 001E0093
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 001E0F9E
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 001E005B
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 001E0FB9
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\services.exe[820] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 001E0078
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 001E0F10
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 001E0000
.text C:\Windows\system32\services.exe[820] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 001E0F4D
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00210058
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00210047
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00210000
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00210FB6
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00210073
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 0021001B
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00210FE5
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 0021002C
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00200FA1
.text C:\Windows\system32\services.exe[820] msvcrt.dll!system 762B804B 5 Bytes JMP 00200FBC
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00200011
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_open 762BD106 5 Bytes JMP 00200FE3
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 0020002C
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00200000
.text C:\Windows\system32\services.exe[820] WS2_32.dll!socket 77C236D1 5 Bytes JMP 005E0FEF
.text C:\Windows\system32\lsass.exe[836] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00150000
.text C:\Windows\system32\lsass.exe[836] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00150FD4
.text C:\Windows\system32\lsass.exe[836] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00150FE5
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 001400AC
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00140F66
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 001400D1
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00140F30
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00140065
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 0014000A
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00140FC3
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 0014009B
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00140F8B
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00140FA8
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 0014004A
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00140025
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 0014008A
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 001400EC
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00140FD4
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00140FE5
.text C:\Windows\system32\lsass.exe[836] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00140F4B
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 009F003D
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 009F002C
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 009F0000
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 009F0FA5
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 009F0F80
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 009F0FC0
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 009F0011
.text C:\Windows\system32\lsass.exe[836] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00160F70
.text C:\Windows\system32\lsass.exe[836] msvcrt.dll!system 762B804B 5 Bytes JMP 00160F8B
.text C:\Windows\system32\lsass.exe[836] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00160FC1
.text C:\Windows\system32\lsass.exe[836] msvcrt.dll!_open 762BD106 5 Bytes JMP 00160FE3
.text C:\Windows\system32\lsass.exe[836] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00160F9C
.text C:\Windows\system32\lsass.exe[836] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00160FD2
.text C:\Windows\system32\lsass.exe[836] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 000900C9
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 000900AE
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00090F4D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 000900E4
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 0009007B
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00090FC3
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00090FB2
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 0009009D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00090F97
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00090039
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 0009004A
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 0009001E
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 0009008C
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00090F28
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00090FD4
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00090F68
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 000B0FB9
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!system 762B804B 5 Bytes JMP 000B0044
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 000B0FDE
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_open 762BD106 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 000B0033
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 000B000C
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 000C006C
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 000C004A
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 000C005B
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 000C0FDE
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 000C0025
.text C:\Windows\system32\svchost.exe[1044] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00130FEF
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 009A0025
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 009A0FE5
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 002A00D6
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 002A0F86
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 002A0F64
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 002A00FB
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 002A008C
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 002A0014
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 002A0FC3
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 002A00A7
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 002A0071
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 002A0039
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 002A004A
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 002A0FB2
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 002A0F97
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 002A0F53
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 002A0FDE
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 002A0F75
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00A30FA3
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!system 762B804B 5 Bytes JMP 00A30038
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00A3001D
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_open 762BD106 5 Bytes JMP 00A30000
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00A30FC8
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00A30FEF
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00A40032
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00A40FAB
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00A40FEF
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00A40F9A
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00A4004D
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00A40FCD
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00A40FDE
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00A40FBC
.text C:\Windows\system32\svchost.exe[1116] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00A50FEF
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 0004002C
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 00010F4B
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00010091
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00010F15
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00010F30
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00010F77
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00010FD1
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00010F66
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00010EFA
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 000100AC
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00060FA4
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!system 762B804B 5 Bytes JMP 00060FB5
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_open 762BD106 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00060FC6
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00070F94
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00070036
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00070051
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00070FCA
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[1184] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00C80FEF
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00DF001B
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 00DE0F54
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00DE009A
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00DE00DA
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00DE00B5
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00DE005A
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00DE0FC0
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00DE0011
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00DE007F
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00DE0F80
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00DE003D
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00DE0F91
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00DE0022
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00DE0F6F
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00DE0F28
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00DE0000
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00DE0FEF
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00DE0F39
.text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00E00F84
.text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!system 762B804B 5 Bytes JMP 00E00F95
.text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00E00FC1
.text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_open 762BD106 5 Bytes JMP 00E00FE3
.text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00E00FA6
.text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00E00FD2
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00E50F79
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00E50025
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00E5000A
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00E50F94
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00E50F68
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00E50FD4
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00E50FEF
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[1224] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00E7000A
.text C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00BA0FEF
.text C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00BA0014
.text C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00BA0FDE
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 00B900BD
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00B900AC
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00B90F30
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00B90F55
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00B90080
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00B90036
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00B90051
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00B9009B
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00B90FB2
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00B90FDE
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00B90FC3
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00B90FEF
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00B90F8B
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00B90F1F
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00B9001B
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00B9000A
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00B90F66
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00BB0FB2
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!system 762B804B 5 Bytes JMP 00BB0033
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00BB0022
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_open 762BD106 5 Bytes JMP 00BB0000
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00BB0FCD
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00BB0011
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00BC00A2
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00BC0076
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00BC000A
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00BC0091
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00BC0FDB
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00BC0040
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00BC0025
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00BC005B
.text C:\Windows\System32\svchost.exe[1260] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00EE0FEF
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00E70FEF
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00E70FDE
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00E70014
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 00E60F32
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00E60F43

 

.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00E600A4
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00E60F17
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00E60F79
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00E60FD1
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00E60FC0
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00E60F54
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00E60F8A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00E60036
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00E60047
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00E60FAF
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00E6006E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00E60EF2
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00E60011
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00E60000
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00E60093
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00F60058
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 762B804B 5 Bytes JMP 00F6003D
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00F60022
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 762BD106 5 Bytes JMP 00F60000
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00F60FCD
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00F60011
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00FB0069
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00FB0FD1
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00FB0058
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00FB007A
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00FB0022
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00FB0011
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00FB003D
.text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00FC0FE5
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 0012000A
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 0012001B
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 001000B8
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00100F7C
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 001000F5
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 001000E4
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 0010008C
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 0010002C
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00100FE5
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 001000A7
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00100FA8
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00100FCA
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00100FB9
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00100051
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00100F97
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 0010011A
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 0010001B
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00100000
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 001000D3
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00130F6E
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!system 762B804B 5 Bytes JMP 00130F89
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00130FB5
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_open 762BD106 5 Bytes JMP 00130FE3
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00130F9A
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00130FC6
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 0014006C
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00140047
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00140FCA
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 0014007D
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00140025
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00140036
.text C:\Windows\system32\svchost.exe[1404] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00270000
.text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00EA0FEF
.text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00EA0014
.text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00EA0FDE
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 0055007D
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00550F37
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 005500A9
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00550F12
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00550F88
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00550014
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00550025
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00550F5C
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00550062
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00550FA5
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00550051
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00550036
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00550F6D
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 005500BA
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00550FDE
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00550FEF
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00550098
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00F90F90
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!system 762B804B 5 Bytes JMP 00F9001B
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_open 762BD106 5 Bytes JMP 00F90FE3
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00F90FAB
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00F90FD2
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00FA0036
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00FA0000
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00FA0F94
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00FA0051
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00FA0025
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00FA0FE5
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1452] WS2_32.dll!socket 77C236D1 5 Bytes JMP 01400FEF
.text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenA 7765D690 5 Bytes JMP 013F000A
.text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenW 7765DB09 5 Bytes JMP 013F0FE5
.text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenUrlA 7765F3A4 5 Bytes JMP 013F0FD4
.text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenUrlW 776A6D77 5 Bytes JMP 013F0FB9
.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00E60FE5
.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00E60FC0
.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00E60000
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 00E50F3C
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00E50F4D
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00E50EF5
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00E50F10
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00E50F6F
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00E5001B
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00E5002C
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00E50F5E
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00E50F8A
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00E50FA5
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00E50047
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00E50FC0
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00E5006E
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00E50EE4
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00E50000
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00E50F21
.text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00E7004C
.text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!system 762B804B 5 Bytes JMP 00E70027
.text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00E70FD2
.text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_open 762BD106 5 Bytes JMP 00E7000C
.text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00E70FC1
.text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00E70FE3
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 765439AB 3 Bytes JMP 00E0002F
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA + 4 765439AF 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 76543BA9 3 Bytes JMP 00E00FA8
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA + 4 76543BAD 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 765489C7 3 Bytes JMP 00E00FE5
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA + 4 765489CB 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00E00F8D
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00E00F7C
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00E0000A
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00E00FCA
.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00E00FB9
.text C:\Windows\system32\svchost.exe[1708] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00E80FEF
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00D20FEF
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00D20025
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00D20014
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 00D100AB
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00D1009A
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00D100D0
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00D10F39
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00D10F9B
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00D10FDB
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00D10022
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00D10F6F
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00D10FB6
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00D10058
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00D10073
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00D10047
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00D10F80
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00D100E1
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00D10011
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00D10000
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00D10F4A
.text C:\Windows\system32\svchost.exe[2264] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00CF0F7C
.text C:\Windows\system32\svchost.exe[2264] msvcrt.dll!system 762B804B 5 Bytes JMP 00CF0F97
.text C:\Windows\system32\svchost.exe[2264] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00CF0FC6
.text C:\Windows\system32\svchost.exe[2264] msvcrt.dll!_open 762BD106 5 Bytes JMP 00CF0000
.text C:\Windows\system32\svchost.exe[2264] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00CF0011
.text C:\Windows\system32\svchost.exe[2264] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00CF0FD7
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00D00F83
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00D00F9E
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00D00FEF
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00D0002F
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00D00040
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00D00FC3
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00D00FDE
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00D0000A
.text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00100FEF
.text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00100014
.text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00100FDE
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 000F00A4
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 000F0093
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 000F00B5
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 000F0F28
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 000F0F94
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 000F0FD4
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 000F0025
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 000F0F68
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 000F0062
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 000F0040
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 000F0051
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 000F0FB9
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 000F0F79
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 000F0F0D
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 000F000A
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[2524] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 000F0F39
.text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 0009002E
.text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!system 762B804B 5 Bytes JMP 00090FA3
.text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00090FD2
.text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!_open 762BD106 5 Bytes JMP 0009000C
.text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 0009001D
.text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00090FE3
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 000A0FB9
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 000A0FD4
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 000A005B
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 000A0FA8
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 000A0025
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 000A0FEF
.text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 000A0040
.text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00220000
.text C:\Windows\System32\svchost.exe[2588] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 001D0FEF
.text C:\Windows\System32\svchost.exe[2588] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 001D0FC3
.text C:\Windows\System32\svchost.exe[2588] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 001D0FDE
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 001C0F61
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 001C00A7
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 001C00C9
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 001C0F3C
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 001C0FB2
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 001C0025
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 001C004A
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 001C0F7C
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 001C0FCD
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 001C0FDE

 

.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 001C0080
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 001C0065
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 001C0FA1
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 001C00DA
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 001C0FEF
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 001C0000
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!WinExec 76905CF7 3 Bytes JMP 001C00B8
.text C:\Windows\System32\svchost.exe[2588] kernel32.dll!WinExec + 4 76905CFB 1 Byte [89]
.text C:\Windows\System32\svchost.exe[2588] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 000D0058
.text C:\Windows\System32\svchost.exe[2588] msvcrt.dll!system 762B804B 5 Bytes JMP 000D0047
.text C:\Windows\System32\svchost.exe[2588] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 000D0011
.text C:\Windows\System32\svchost.exe[2588] msvcrt.dll!_open 762BD106 5 Bytes JMP 000D0000
.text C:\Windows\System32\svchost.exe[2588] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 000D0022
.text C:\Windows\System32\svchost.exe[2588] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 000D0FD7
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00170F9E
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00170FAF
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00170040
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 0017005B
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00170011
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00170000
.text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00170FC0
.text C:\Windows\System32\svchost.exe[2588] WS2_32.dll!socket 77C236D1 5 Bytes JMP 001E0000
.text C:\Windows\system32\svchost.exe[2628] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00880000
.text C:\Windows\system32\svchost.exe[2628] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00880036
.text C:\Windows\system32\svchost.exe[2628] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00880025
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 008700C0
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 00870F7A
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 00870F3D
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00870F4E
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00870080
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 0087000A
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00870025
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 008700A5
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 0087006F
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00870FB2
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00870054
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00870FC3
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00870F95
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 008700F9
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00870FDE
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 00870F5F
.text C:\Windows\system32\svchost.exe[2628] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00680FC8
.text C:\Windows\system32\svchost.exe[2628] msvcrt.dll!system 762B804B 5 Bytes JMP 00680053
.text C:\Windows\system32\svchost.exe[2628] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00680027
.text C:\Windows\system32\svchost.exe[2628] msvcrt.dll!_open 762BD106 5 Bytes JMP 00680FEF
.text C:\Windows\system32\svchost.exe[2628] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00680038
.text C:\Windows\system32\svchost.exe[2628] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 0068000C
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00850F94
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00850025
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00850051
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00850FD4
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00850014
.text C:\Windows\system32\svchost.exe[2628] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00890FE5
.text C:\Windows\system32\svchost.exe[3364] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[3364] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00A00011
.text C:\Windows\system32\svchost.exe[3364] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00A00FDB
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 009F00CE
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 009F00B3
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 009F0F5C
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 009F00E9
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 009F007D
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 009F0036
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 009F0F88
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 009F0062
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 009F0FAF
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 009F0051
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 009F008E
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 009F010E
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 009F0011
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 009F0F6D
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00270038
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!system 762B804B 5 Bytes JMP 00270027
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 0027000C
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_open 762BD106 5 Bytes JMP 00270FE3
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00270FB7
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00270FD2
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00280F8A
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00280022
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00280F9B
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00280047
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00280FDB
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00280011
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00280FC0
.text C:\Windows\system32\svchost.exe[3364] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00A10FEF
.text C:\Windows\System32\svchost.exe[3408] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00090FE5
.text C:\Windows\System32\svchost.exe[3408] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00090011
.text C:\Windows\System32\svchost.exe[3408] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00090000
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 000700CD
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 000700F9
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00070F62
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00070086
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00070036
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00070097
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00070075
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00070047
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00070058
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 00070FCA
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 00070F87
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00070F47
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 000700DE
.text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 0005003A
.text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!system 762B804B 5 Bytes JMP 00050FB9
.text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_open 762BD106 5 Bytes JMP 0005000C
.text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00050029
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00060FA8
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00060FB9
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00060040
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00060F97
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00060FE5
.text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 00060FD4
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3832] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 6B7B9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3832] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 6B7B9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[4348] ntdll.dll!NtCreateFile 77B54224 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[4348] ntdll.dll!NtCreateProcess 77B542E4 5 Bytes JMP 00040FC3
.text C:\Windows\system32\svchost.exe[4348] ntdll.dll!NtProtectVirtualMemory 77B54B84 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!GetStartupInfoW 76871929 5 Bytes JMP 000100BC
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!GetStartupInfoA 768719C9 5 Bytes JMP 000100AB
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateProcessW 76871BF3 5 Bytes JMP 000100F2
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateProcessA 76871C28 5 Bytes JMP 00010F5B
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!VirtualProtect 76871DC3 5 Bytes JMP 00010F8A
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateNamedPipeA 76872EF5 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateNamedPipeW 76875C0C 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreatePipe 76898E6E 5 Bytes JMP 00010090
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryExW 76899109 5 Bytes JMP 00010064
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryW 76899362 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryExA 768994B4 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryA 768994DC 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!VirtualProtectEx 7689DBDA 5 Bytes JMP 0001007F
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!GetProcAddress 768B903B 5 Bytes JMP 00010F40
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateFileW 768BAECB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateFileA 768BCE5F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!WinExec 76905CF7 5 Bytes JMP 000100CD
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_wsystem 762B7F2F 5 Bytes JMP 00060FA6
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!system 762B804B 5 Bytes JMP 00060FB7
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_creat 762BBBE1 5 Bytes JMP 00060016
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_open 762BD106 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_wcreat 762BD326 5 Bytes JMP 00060027
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_wopen 762BD501 5 Bytes JMP 00060FDE
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyExA 765439AB 5 Bytes JMP 00070F8D
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyA 76543BA9 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyA 765489C7 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyW 7655391E 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyExW 765541F1 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyExA 76557C42 5 Bytes JMP 00070FDE
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyW 7655E2B5 5 Bytes JMP 00070014
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyExW 76567BA1 5 Bytes JMP 0007002F
.text C:\Windows\system32\svchost.exe[4348] WS2_32.dll!socket 77C236D1 5 Bytes JMP 00080000
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4572] USER32.dll!TrackPopupMenu 767F14F3 5 Bytes JMP 60FE6373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] ntdll.dll!LdrLoadDll 77B193A8 5 Bytes JMP 010F13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] ntdll.dll!NtQueryInformationProcess 77B54CA4 5 Bytes JMP 00F204D6
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!closesocket 77C2330C 5 Bytes JMP 00F0BF35
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!recv 77C2343A 5 Bytes JMP 00F0BCE3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!GetAddrInfoW 77C23D12 5 Bytes JMP 00F0B283
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!getaddrinfo 77C2418A 5 Bytes JMP 00F0B1A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!WSASend 77C24496 5 Bytes JMP 00F0BD8D
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!send 77C2659B 5 Bytes JMP 00F0BC3D
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!WSARecv 77C28400 5 Bytes JMP 00F0BE4E
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!WSAAsyncGetHostByName 77C35FB9 2 Bytes JMP 00F0B56A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!WSAAsyncGetHostByName + 3 77C35FBC 2 Bytes [2D, 89]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] WS2_32.dll!gethostbyname 77C362D4 5 Bytes JMP 00F0B0E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] USER32.dll!DrawTextExW 767E91CE 5 Bytes JMP 00F0C510
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] USER32.dll!DrawTextW 767E97D3 5 Bytes JMP 00F0C34C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] USER32.dll!DrawTextA 767F558D 5 Bytes JMP 00F0C270
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] USER32.dll!DrawTextExA 767F55C4 5 Bytes JMP 00F0C428
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] USER32.dll!DialogBoxParamW 768010B0 5 Bytes JMP 00F0B645
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] USER32.dll!SetClipboardData 76816410 5 Bytes JMP 00F0BFC3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] GDI32.dll!ExtTextOutW 7678872B 5 Bytes JMP 00F0C6DD
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] GDI32.dll!GetGlyphIndicesW 7678B765 5 Bytes JMP 00F0CB5E
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] GDI32.dll!ExtTextOutA 767900A5 5 Bytes JMP 00F0C5F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] GDI32.dll!TextOutA 76790BAB 5 Bytes JMP 00F0C0D6
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] GDI32.dll!TextOutW 76790D6D 5 Bytes JMP 00F0C1A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5844] GDI32.dll!GetGlyphIndicesA 767A9DC0 5 Bytes JMP 00F0CA94

 

DDS #1

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2007 4:57:46 AM
System Uptime: 3/20/2011 3:41:35 AM (1 hours ago)
.
Motherboard: Quanta | | 30D1
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 103 GiB total, 62.544 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 106.562 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.513 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4660_4680_Help
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Adobe SVG Viewer 3.0
AudibleManager
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Conexant HD Audio
ConvertXtoDVD 4.0.12.327
CustomerResearchQFolder
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP Document Manager 1.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Officejet All-In-One Series
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.6
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
ieSpell
ImagXpress
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
JDownloader
K-Lite Codec Pack 5.2.0 (Full)
LightScribe System Software
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
Memory Improve Master v6.1.2.236
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.15)
MSCU for Microsoft Vista
MSN
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
neroxml
NetDeviceManager
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
Planet Earth 3D Screensaver 1.1
ProductContext
PSSWCORE
QuickPlay SlingPlayer 0.4.6
RegCure
Registry Purify v4.96
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shop for HP Supplies
SmartAudio
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
System Requirements Lab
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
VLC media player 1.1.4
WeatherBug
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Searchqu Toolbar
WinRAR archiver
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 3:43:47 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/20/2011 3:43:35 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/20/2011 3:43:17 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/20/2011 3:40:22 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/16/2011 10:18:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LAINIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A55D72D-6E02-4C6F-9BFB-152C6C32. The master browser is stopping or an election is being forced.
3/15/2011 5:51:57 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The system cannot find the path specified.
3/15/2011 12:01:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "3" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================

DDS #2

DDS (Ver_11-03-05.01) - NTFSx86
Run by JIM at 4:40:27.70 on Sun 03/20/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1719 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\JIM\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110306144830.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\windows searchqu toolbar\toolbar\SearchquDx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\windows searchqu toolbar\toolbar\SearchquDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Memory Improve Master] c:\program files\memory improve master\MemoryImproveMaster.exe /autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe "
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [DATAMNGR] c:\progra~1\windows searchqu toolbar\datamngr\datamngrUI.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jim\appdata\roaming\mozilla\firefox\profiles\x8x7ifps.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\jim\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-1 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-1 164840]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-18 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-8-21 238952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-18 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 55840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-21 36608]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-17 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 313288]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2010-3-18 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-17 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-17 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-25 136176]
.
=============== Created Last 30 ================
.
2011-03-11 00:39:28 -------- d-----w- c:\users\jim\appdata\local\HP
2011-03-09 07:13:03 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 07:13:03 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 07:13:03 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 07:13:03 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 07:13:00 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 07:12:59 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 20:48:30 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-03-02 04:47:34 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-02 04:47:13 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-02 04:47:11 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-02 04:47:11 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-02 04:47:11 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-02 04:47:11 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-02 04:47:11 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-02 04:47:11 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
.
==================== Find3M ====================
.
2011-01-21 22:07:12 98304 --sha-r- c:\windows\system32\shsvcsa.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_HM121HI rev.LZ100-10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82051912] -> \Device\Harddisk0\DR0[0x859F5868]
3 CLASSPNP[0x8A19F8B3] -> ntkrnlpa!IofCallDriver[0x82051912] -> [0x84989898]
5 acpi[0x8060C6BC] -> ntkrnlpa!IofCallDriver[0x82051912] -> \Device\Ide\IdeDeviceP2T0L0-3[0x84984B98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 4:40:53.65 ===============


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BDA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BB8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\mfevtps.exe[2396] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [01367740] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[2396] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [013677A0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 159):
0x8200D000 \SystemRoot\system32\ntkrnlpa.exe
0x823C7000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\PSHED.dll
0x80425000 \SystemRoot\system32\BOOTVID.dll
0x8042D000 \SystemRoot\system32\CLFS.SYS
0x8046E000 \SystemRoot\system32\CI.dll
0x8054E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80604000 \SystemRoot\system32\drivers\acpi.sys
0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80653000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065B000 \SystemRoot\system32\drivers\pci.sys
0x80682000 \SystemRoot\System32\drivers\partmgr.sys
0x80691000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80694000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069E000 \SystemRoot\system32\drivers\volmgr.sys
0x806AD000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F7000 \SystemRoot\system32\drivers\pciide.sys
0x806FE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8070C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8071C000 \SystemRoot\system32\drivers\atapi.sys
0x80724000 \SystemRoot\system32\drivers\ataport.SYS
0x80742000 \SystemRoot\system32\drivers\fltmgr.sys
0x80774000 \SystemRoot\system32\drivers\fileinfo.sys
0x80784000 \SystemRoot\system32\drivers\mfehidk.sys
0x807E1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82608000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82679000 \SystemRoot\system32\drivers\ndis.sys
0x82784000 \SystemRoot\system32\drivers\msrpc.sys
0x827AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A002000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A112000 \SystemRoot\system32\drivers\volsnap.sys
0x8A14B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A153000 \SystemRoot\System32\Drivers\mup.sys
0x8A162000 \SystemRoot\System32\drivers\ecache.sys
0x8A189000 \SystemRoot\system32\drivers\disk.sys
0x8A19A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A1BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A1E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A1EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x827EA000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8A1F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A1FC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x807EA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x82600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x805CD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x827FA000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x805D6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E206000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E244000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E253000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E26B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E2F8000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E308000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E316000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E330000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8E33F000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8E353000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8E40D000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E60B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8E80A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EF3C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EFDC000 \SystemRoot\System32\drivers\watchdog.sys
0x8EFE8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E753000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E75E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EFFB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E799000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E7A4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E50D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E7D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E7DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E7F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E54E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E571000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E580000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E594000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E5A9000 \SystemRoot\System32\Drivers\Pcouffin.sys
0x8E5B5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EFFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E5C5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E5EF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E600000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E3A4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E3D9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F60D000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8F640000 \SystemRoot\system32\drivers\portcls.sys
0x8F66D000 \SystemRoot\system32\drivers\drmk.sys
0x8F692000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F6D0000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F807000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F8BC000 \SystemRoot\system32\drivers\modem.sys
0x8F8C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F8E0000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F901000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F90A000 \SystemRoot\System32\Drivers\Null.SYS
0x8F911000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F918000 \SystemRoot\System32\drivers\vga.sys
0x8F924000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F945000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F94D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F955000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F960000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F96E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FA02000 \SystemRoot\System32\drivers\tcpip.sys
0x8FAEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8FB07000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8FB2E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FB44000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FB58000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FB8A000 \SystemRoot\system32\drivers\afd.sys
0x8FBD2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FBE8000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x8F977000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FBF6000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8F985000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F998000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9D4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F9DE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F7D3000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8FE02000 \SystemRoot\system32\drivers\mfefirek.sys
0x8FE4D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FE5A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FE65000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97A50000 \SystemRoot\System32\win32k.sys
0x8FE6D000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FE77000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97C70000 \SystemRoot\System32\TSDDD.dll
0x97C90000 \SystemRoot\System32\cdd.dll
0x8FE86000 \SystemRoot\system32\drivers\luafv.sys
0x8FEA9000 \SystemRoot\system32\drivers\spsys.sys
0x8FF59000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FF69000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FF93000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FF9D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E00B000 \SystemRoot\system32\drivers\HTTP.sys
0x9E078000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E095000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E0AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E0C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E0E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E103000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E13C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E154000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E17C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E1E2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2204000 \SystemRoot\system32\drivers\peauth.sys
0xA22E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA22EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA22F8000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2326000 \SystemRoot\system32\drivers\cfwids.sys
0xA2353000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA235C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2372000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0xA23B5000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA23CB000 \??\C:\Users\JIM\AppData\Local\Temp\kwloikow.sys
0x77AF0000 \WINDOWS\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 SYSTEM
644 C:\WINDOWS\System32\smss.exe
724 csrss.exe
776 C:\WINDOWS\System32\wininit.exe
788 csrss.exe
820 C:\WINDOWS\System32\services.exe
836 C:\WINDOWS\System32\lsass.exe
844 C:\WINDOWS\System32\lsm.exe
916 C:\WINDOWS\System32\winlogon.exe
1044 C:\WINDOWS\System32\svchost.exe
1088 C:\WINDOWS\System32\nvvsvc.exe
1116 C:\WINDOWS\System32\svchost.exe
1224 C:\WINDOWS\System32\svchost.exe
1260 C:\WINDOWS\System32\svchost.exe
1316 C:\WINDOWS\System32\svchost.exe
1380 C:\WINDOWS\System32\audiodg.exe
1404 C:\WINDOWS\System32\svchost.exe
1428 C:\WINDOWS\System32\SLsvc.exe
1452 C:\WINDOWS\System32\svchost.exe
1576 C:\WINDOWS\System32\rundll32.exe
1708 C:\WINDOWS\System32\svchost.exe
1904 C:\WINDOWS\System32\wlanext.exe
2000 C:\WINDOWS\System32\spoolsv.exe
2008 C:\WINDOWS\System32\taskeng.exe
460 C:\WINDOWS\System32\svchost.exe
500 C:\WINDOWS\System32\rundll32.exe
528 C:\Program Files\Google\Update\GoogleUpdate.exe
524 C:\WINDOWS\System32\dwm.exe
620 C:\WINDOWS\System32\taskeng.exe
700 C:\WINDOWS\explorer.exe
2200 C:\WINDOWS\System32\FsUsbExService.Exe
2264 C:\WINDOWS\System32\svchost.exe
2324 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2360 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2396 C:\WINDOWS\System32\mfevtps.exe
2500 C:\WINDOWS\System32\rundll32.exe
2524 C:\WINDOWS\System32\svchost.exe
2588 C:\WINDOWS\System32\svchost.exe
2604 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2628 C:\WINDOWS\System32\svchost.exe
2648 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2852 C:\WINDOWS\System32\rundll32.exe
2876 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2948 C:\Program Files\HP\QuickPlay\QPService.exe
2956 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2972 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2980 C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
3008 C:\Program Files\McAfee.com\Agent\mcagent.exe
3016 C:\Program Files\Windows Sidebar\sidebar.exe
3024 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3044 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3064 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3096 C:\WINDOWS\ehome\ehtray.exe
3104 C:\Program Files\AWS\WeatherBug\Weather.exe
3112 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
3128 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3252 C:\WINDOWS\ehome\ehmsas.exe
3364 C:\WINDOWS\System32\svchost.exe
3380 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
3408 C:\WINDOWS\System32\svchost.exe
3468 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3532 C:\WINDOWS\System32\drivers\XAudio.exe
3560 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3596 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3680 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3688 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3832 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
3948 WmiPrvSE.exe
2072 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2472 C:\Program Files\Windows Sidebar\sidebar.exe
1184 C:\WINDOWS\System32\svchost.exe
4160 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4276 WmiPrvSE.exe
4348 C:\WINDOWS\System32\svchost.exe
4596 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4624 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4864 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5448 C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
5844 C:\Program Files\Mozilla Firefox\firefox.exe
4572 C:\Program Files\Mozilla Firefox\plugin-container.exe
3452 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1844 C:\Program Files\Windows Media Player\wmpnscfg.exe
3860 C:\Program Files\Windows Media Player\wmpnetwk.exe
284 C:\Program Files\Common Files\McAfee\Core\mchost.exe
1196 C:\Program Files\Common Files\McAfee\Core\mchost.exe
4128 C:\WINDOWS\System32\notepad.exe
5860 C:\Users\JIM\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000019`d81fee00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM121HI, Rev: LZ100-10
PhysicalDrive1 Model Number: SAMSUNGHM121HI, Rev: LZ100-10

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
111 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

 

there they all are I think,sorry about the breaking them up but i couldnt get it all in one.

Jim

 

Just as soon as you can and thanks alot

Jim

 

Hi Broni, here it is.

2011/03/20 12:47:32.0215 4888 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/20 12:47:32.0644 4888 ================================================================================
2011/03/20 12:47:32.0644 4888 SystemInfo:
2011/03/20 12:47:32.0644 4888
2011/03/20 12:47:32.0644 4888 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/20 12:47:32.0645 4888 Product type: Workstation
2011/03/20 12:47:32.0645 4888 ComputerName: JIM-LAPTOP
2011/03/20 12:47:32.0645 4888 UserName: JIM
2011/03/20 12:47:32.0645 4888 Windows directory: C:\Windows
2011/03/20 12:47:32.0645 4888 System windows directory: C:\Windows
2011/03/20 12:47:32.0645 4888 Processor architecture: Intel x86
2011/03/20 12:47:32.0645 4888 Number of processors: 2
2011/03/20 12:47:32.0645 4888 Page size: 0x1000
2011/03/20 12:47:32.0645 4888 Boot type: Normal boot
2011/03/20 12:47:32.0645 4888 ================================================================================
2011/03/20 12:47:35.0163 4888 Initialize success
2011/03/20 12:48:06.0118 4644 ================================================================================
2011/03/20 12:48:06.0118 4644 Scan started
2011/03/20 12:48:06.0118 4644 Mode: Manual;
2011/03/20 12:48:06.0118 4644 ================================================================================
2011/03/20 12:48:07.0073 4644 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/20 12:48:07.0130 4644 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/20 12:48:07.0191 4644 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/20 12:48:07.0232 4644 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/20 12:48:07.0277 4644 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/20 12:48:07.0355 4644 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/20 12:48:07.0405 4644 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/03/20 12:48:07.0441 4644 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/20 12:48:07.0485 4644 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/03/20 12:48:07.0523 4644 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/20 12:48:07.0564 4644 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/03/20 12:48:07.0601 4644 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/20 12:48:07.0668 4644 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/20 12:48:07.0710 4644 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/20 12:48:07.0752 4644 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/20 12:48:07.0816 4644 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/20 12:48:07.0863 4644 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/20 12:48:07.0968 4644 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/03/20 12:48:08.0014 4644 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/03/20 12:48:08.0087 4644 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/20 12:48:08.0191 4644 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/20 12:48:08.0239 4644 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/20 12:48:08.0271 4644 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/20 12:48:08.0326 4644 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/20 12:48:08.0363 4644 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/20 12:48:08.0412 4644 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/20 12:48:08.0442 4644 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/20 12:48:08.0482 4644 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/20 12:48:08.0546 4644 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/20 12:48:08.0596 4644 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/20 12:48:08.0692 4644 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2011/03/20 12:48:08.0801 4644 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/20 12:48:08.0862 4644 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/20 12:48:08.0937 4644 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/20 12:48:08.0970 4644 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/03/20 12:48:09.0022 4644 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/03/20 12:48:09.0223 4644 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/20 12:48:09.0262 4644 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/20 12:48:09.0293 4644 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/20 12:48:09.0367 4644 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/20 12:48:09.0443 4644 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/20 12:48:09.0524 4644 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/20 12:48:09.0608 4644 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/20 12:48:09.0645 4644 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/03/20 12:48:09.0688 4644 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/20 12:48:09.0744 4644 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/03/20 12:48:09.0934 4644 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/20 12:48:10.0019 4644 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/20 12:48:10.0120 4644 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/20 12:48:10.0182 4644 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/20 12:48:10.0222 4644 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/20 12:48:10.0294 4644 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/20 12:48:10.0351 4644 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/20 12:48:10.0386 4644 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/20 12:48:10.0433 4644 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/20 12:48:10.0541 4644 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
2011/03/20 12:48:10.0583 4644 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/20 12:48:10.0622 4644 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/20 12:48:10.0689 4644 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/03/20 12:48:10.0801 4644 HdAudAddService (a08f4808fb19a40792a6056848187afe) C:\Windows\system32\drivers\CHDART.sys
2011/03/20 12:48:10.0976 4644 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/20 12:48:11.0008 4644 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/20 12:48:11.0042 4644 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/20 12:48:11.0097 4644 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/03/20 12:48:11.0155 4644 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/20 12:48:11.0239 4644 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/20 12:48:11.0313 4644 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/20 12:48:11.0504 4644 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/20 12:48:11.0702 4644 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/20 12:48:11.0774 4644 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/20 12:48:11.0843 4644 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/20 12:48:11.0920 4644 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/20 12:48:12.0003 4644 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/20 12:48:12.0057 4644 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/20 12:48:12.0113 4644 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/03/20 12:48:12.0146 4644 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/20 12:48:12.0221 4644 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/20 12:48:12.0289 4644 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/20 12:48:12.0349 4644 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/20 12:48:12.0405 4644 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/20 12:48:12.0436 4644 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/20 12:48:12.0482 4644 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/20 12:48:12.0504 4644 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/20 12:48:12.0535 4644 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/20 12:48:12.0600 4644 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/20 12:48:12.0648 4644 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/20 12:48:12.0733 4644 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/20 12:48:12.0849 4644 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/20 12:48:12.0908 4644 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/20 12:48:12.0937 4644 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/20 12:48:12.0984 4644 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/20 12:48:13.0034 4644 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/20 12:48:13.0157 4644 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/03/20 12:48:13.0197 4644 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/20 12:48:13.0258 4644 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2011/03/20 12:48:13.0318 4644 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
2011/03/20 12:48:13.0457 4644 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
2011/03/20 12:48:13.0533 4644 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
2011/03/20 12:48:13.0668 4644 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2011/03/20 12:48:13.0785 4644 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/03/20 12:48:13.0899 4644 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
2011/03/20 12:48:14.0027 4644 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2011/03/20 12:48:14.0155 4644 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2011/03/20 12:48:14.0309 4644 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
2011/03/20 12:48:14.0443 4644 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/20 12:48:14.0504 4644 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/20 12:48:14.0560 4644 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/20 12:48:14.0619 4644 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/03/20 12:48:14.0686 4644 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/20 12:48:14.0721 4644 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/20 12:48:14.0759 4644 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/20 12:48:14.0822 4644 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/20 12:48:14.0869 4644 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/20 12:48:14.0936 4644 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/20 12:48:14.0970 4644 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/20 12:48:15.0006 4644 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/20 12:48:15.0038 4644 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/03/20 12:48:15.0075 4644 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/03/20 12:48:15.0163 4644 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/20 12:48:15.0235 4644 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/20 12:48:15.0308 4644 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/20 12:48:15.0376 4644 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/20 12:48:15.0409 4644 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/20 12:48:15.0468 4644 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/20 12:48:15.0522 4644 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/20 12:48:15.0552 4644 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/20 12:48:15.0581 4644 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/20 12:48:15.0643 4644 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/20 12:48:15.0730 4644 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/20 12:48:15.0794 4644 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/20 12:48:15.0845 4644 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/20 12:48:15.0882 4644 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/20 12:48:15.0940 4644 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/20 12:48:15.0996 4644 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/20 12:48:16.0043 4644 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/20 12:48:16.0131 4644 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/20 12:48:16.0208 4644 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/20 12:48:16.0296 4644 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/20 12:48:16.0374 4644 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/20 12:48:16.0449 4644 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/20 12:48:16.0489 4644 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/20 12:48:16.0574 4644 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/03/20 12:48:16.0976 4644 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/20 12:48:17.0233 4644 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/03/20 12:48:17.0285 4644 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/03/20 12:48:17.0318 4644 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/03/20 12:48:17.0376 4644 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/03/20 12:48:17.0499 4644 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/20 12:48:17.0551 4644 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/20 12:48:17.0604 4644 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/20 12:48:17.0642 4644 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/20 12:48:17.0690 4644 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/20 12:48:17.0717 4644 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/03/20 12:48:17.0760 4644 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/20 12:48:17.0833 4644 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\Pcouffin.sys
2011/03/20 12:48:17.0948 4644 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/20 12:48:18.0136 4644 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/20 12:48:18.0180 4644 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/03/20 12:48:18.0263 4644 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/20 12:48:18.0315 4644 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/20 12:48:18.0379 4644 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/03/20 12:48:18.0431 4644 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/20 12:48:18.0513 4644 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/20 12:48:18.0588 4644 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/20 12:48:18.0661 4644 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/20 12:48:18.0744 4644 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/20 12:48:18.0835 4644 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/20 12:48:18.0906 4644 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/20 12:48:18.0941 4644 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/20 12:48:18.0988 4644 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/03/20 12:48:19.0020 4644 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/20 12:48:19.0107 4644 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/20 12:48:19.0178 4644 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/03/20 12:48:19.0273 4644 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/03/20 12:48:19.0424 4644 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/20 12:48:19.0713 4644 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/20 12:48:19.0760 4644 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/20 12:48:19.0845 4644 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/20 12:48:19.0888 4644 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/20 12:48:19.0939 4644 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/20 12:48:19.0981 4644 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/20 12:48:20.0060 4644 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/20 12:48:20.0145 4644 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/03/20 12:48:20.0182 4644 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/20 12:48:20.0221 4644 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/20 12:48:20.0262 4644 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/20 12:48:20.0323 4644 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/03/20 12:48:20.0371 4644 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/03/20 12:48:20.0408 4644 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/03/20 12:48:20.0496 4644 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/20 12:48:20.0578 4644 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/20 12:48:20.0661 4644 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/20 12:48:20.0847 4644 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/20 12:48:21.0043 4644 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/20 12:48:21.0180 4644 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/03/20 12:48:21.0305 4644 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/03/20 12:48:21.0425 4644 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/03/20 12:48:21.0589 4644 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/20 12:48:21.0643 4644 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/20 12:48:21.0697 4644 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/20 12:48:21.0739 4644 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/20 12:48:21.0806 4644 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/20 12:48:22.0007 4644 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/20 12:48:22.0164 4644 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/20 12:48:22.0227 4644 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/20 12:48:22.0298 4644 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/20 12:48:22.0338 4644 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/20 12:48:22.0405 4644 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/20 12:48:22.0464 4644 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/20 12:48:22.0566 4644 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/20 12:48:22.0644 4644 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/20 12:48:22.0715 4644 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/20 12:48:22.0769 4644 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/03/20 12:48:22.0843 4644 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/20 12:48:22.0918 4644 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/20 12:48:22.0967 4644 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/03/20 12:48:23.0015 4644 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/20 12:48:23.0067 4644 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/20 12:48:23.0137 4644 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/20 12:48:23.0227 4644 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/20 12:48:23.0271 4644 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/20 12:48:23.0308 4644 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/20 12:48:23.0353 4644 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/20 12:48:23.0397 4644 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/20 12:48:23.0441 4644 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/20 12:48:23.0498 4644 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/20 12:48:23.0540 4644 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/20 12:48:23.0598 4644 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/20 12:48:23.0652 4644 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/20 12:48:23.0724 4644 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/20 12:48:23.0770 4644 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/03/20 12:48:23.0806 4644 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/03/20 12:48:23.0846 4644 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/03/20 12:48:23.0908 4644 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/20 12:48:23.0979 4644 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/20 12:48:24.0048 4644 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/20 12:48:24.0089 4644 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/03/20 12:48:24.0160 4644 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/20 12:48:24.0227 4644 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/20 12:48:24.0253 4644 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/20 12:48:24.0323 4644 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/03/20 12:48:24.0395 4644 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/20 12:48:24.0545 4644 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/03/20 12:48:24.0872 4644 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/20 12:48:24.0963 4644 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/20 12:48:25.0030 4644 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/20 12:48:25.0097 4644 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/03/20 12:48:25.0192 4644 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/20 12:48:25.0240 4644 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/03/20 12:48:25.0439 4644 ================================================================================
2011/03/20 12:48:25.0439 4644 Scan finished
2011/03/20 12:48:25.0439 4644 ================================================================================

 

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8EA0C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.91 )
0x82005000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82005000 PnpManager 3907584 bytes
0x82005000 RAW 3907584 bytes
0x82005000 WMIxWDM 3907584 bytes
0x97810000 Win32k 2109440 bytes
0x97810000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E80F000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8A00B000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8267D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F6D2000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E60D000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8FA06000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8046A000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9AA0C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F80A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8FEA7000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F13E000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E073000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8260C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8054A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9DE0D000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80786000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x8E15B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9DF7E000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8FE00000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x806AF000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FB8E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80606000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80429000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E70D000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8F694000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8E00E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F99B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x827B3000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E957000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x9DF05000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A11B000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E1AC000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x823BF000 ACPI_HAL 208896 bytes
0x8F60F000 C:\Windows\system32\drivers\CHDRT32.sys 208896 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x823BF000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80744000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FB5C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E99D000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F642000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82788000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E7B6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8FF67000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9DF56000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A16B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8FB0B000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x8065D000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8F66F000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F7D5000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8E74E000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A1A3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9DEC5000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F8E3000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8F927000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9DEE6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80726000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9DE7A000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8FAF0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FE84000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8E11E000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9DE97000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E05B000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9DF3E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F9E1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E9D7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F8CC000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9AB64000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9AB3A000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8FBD6000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FB32000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9DEB0000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E785000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E771000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E147000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8FB48000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F1EA000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8FF9B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F988000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9AB84000 C:\Windows\system32\drivers\klmd.sys 73728 bytes
0x8A192000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E1E1000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80410000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x827EE000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x80776000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x807EC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8FF57000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8070E000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E100000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E7A6000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8FE75000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A15C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80684000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E800000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E138000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8E04C000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x806A0000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E110000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x97A50000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FBEC000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8F97A000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F963000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80700000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x805BB000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8FE4B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F8BF000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8E7EA000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x9AB2E000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x8E79A000 C:\Windows\System32\Drivers\Pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x9AAF4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F91B000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F1DE000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8FE58000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8EA00000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9AB50000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8E992000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F958000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E9EE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E9CC000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A1ED000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80696000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8FE6B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E7E0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FF91000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F9D7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9AAEA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x805D2000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x9AB7A000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0x8A1C4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9AB5B000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
0x8F904000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8E7F7000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9AB96000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x807E3000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F971000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97A30000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A000000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x805C9000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8064C000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8071E000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80421000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8FE63000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80655000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F948000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F950000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A154000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9AB00000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F914000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x82600000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F90D000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F9000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A1F8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9DFE4000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80693000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8A1FC000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x82607000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
0x8FBFA000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0x8E9F9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F1FD000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x042B0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x883BC020 ] PID: 2320, 110592 bytes
0x00860000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x85006358 ] PID: 4728, 110592 bytes
0x00380000 Hidden Image-->SystemStatus.dll [ EPROCESS 0x883BC020 ] PID: 2320, 118784 bytes
0x00A10000 Hidden Image-->SHDocVw.dll [ EPROCESS 0x883BC020 ] PID: 2320, 135168 bytes
0x05770000 Hidden Image-->PCHealthSecurityPillar.dll [ EPROCESS 0x883BC020 ] PID: 2320, 192512 bytes
0x07580000 Hidden Image-->Interop.BackWebLib.dll [ EPROCESS 0x883BC020 ] PID: 2320, 249856 bytes
0x00350000 Hidden Image-->SecurityStatusServer.dll [ EPROCESS 0x883BC020 ] PID: 2320, 28672 bytes
0x00360000 Hidden Image-->MessagingInterface.dll [ EPROCESS 0x883BC020 ] PID: 2320, 28672 bytes
0x00A40000 Hidden Image-->Interop.HelpPane.dll [ EPROCESS 0x883BC020 ] PID: 2320, 28672 bytes
0x05BE0000 Hidden Image-->Interop.MLDeskBand.dll [ EPROCESS 0x883BC020 ] PID: 2320, 28672 bytes
0x07570000 Hidden Image-->Interop.BACKWEBCOMMANDERLib.dll [ EPROCESS 0x883BC020 ] PID: 2320, 28672 bytes
0x076C0000 Hidden Image-->RemotingClient.dll [ EPROCESS 0x883BC020 ] PID: 2320, 28672 bytes
0x02AA0000 Hidden Image-->NetLib.dll [ EPROCESS 0x8609ED90 ] PID: 3524, 28672 bytes
0x002D0000 Hidden Image-->CeeWrtier.dll [ EPROCESS 0x883BC020 ] PID: 2320, 36864 bytes
0x00320000 Hidden Image-->Interop.NetFwTypeLib.dll [ EPROCESS 0x883BC020 ] PID: 2320, 36864 bytes
0x00370000 Hidden Image-->Content.dll [ EPROCESS 0x883BC020 ] PID: 2320, 36864 bytes
0x003A0000 Hidden Image-->MessagingMessages.dll [ EPROCESS 0x883BC020 ] PID: 2320, 36864 bytes
0x059C0000 Hidden Image-->MarketPillar.dll [ EPROCESS 0x883BC020 ] PID: 2320, 36864 bytes
0x075D0000 Hidden Image-->Interop.RulesEngineLib.dll [ EPROCESS 0x883BC020 ] PID: 2320, 36864 bytes
0x059B0000 Hidden Image-->HowToPillar.dll [ EPROCESS 0x883BC020 ] PID: 2320, 45056 bytes
0x07510000 Hidden Image-->MessagingClients.dll [ EPROCESS 0x883BC020 ] PID: 2320, 45056 bytes
0x075C0000 Hidden Image-->BackWeb.dll [ EPROCESS 0x883BC020 ] PID: 2320, 45056 bytes
0x002F0000 Hidden Image-->MessagingServer.dll [ EPROCESS 0x883BC020 ] PID: 2320, 53248 bytes
0x00A60000 Hidden Image-->InterfaceServices.dll [ EPROCESS 0x883BC020 ] PID: 2320, 53248 bytes
0x07560000 Hidden Image-->AMSProfile.dll [ EPROCESS 0x883BC020 ] PID: 2320, 53248 bytes
0x002E0000 Hidden Image-->Interop.TaskScheduler.dll [ EPROCESS 0x883BC020 ] PID: 2320, 61440 bytes
0x00A50000 Hidden Image-->HPAdvisor.Common.Windows.dll [ EPROCESS 0x883BC020 ] PID: 2320, 61440 bytes
0x059A0000 Hidden Image-->PCAlertsPillar.dll [ EPROCESS 0x883BC020 ] PID: 2320, 61440 bytes
0x00300000 Hidden Image-->Interop.WUApiLib.dll [ EPROCESS 0x883BC020 ] PID: 2320, 77824 bytes

 

Had to uninstall mckafee and malwarebytes first but here it is.

ComboFix 11-03-19.04 - JIM 03/20/2011 16:24:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1523 [GMT -5:00]
Running from: c:\users\JIM\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png

 

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\users\JIM\AppData\Roaming\chrtmp
c:\users\JIM\AppData\Roaming\inst.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 15:52 . 2011-03-20 15:52 -------- d-----w- c:\users\JIM\AppData\Local\HP Guide
2011-03-11 00:39 . 2011-03-11 00:39 -------- d-----w- c:\users\JIM\AppData\Local\HP
2011-03-09 07:13 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 07:13 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 07:13 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 07:13 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 07:13 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 07:12 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 03:04 . 2011-03-06 03:04 -------- d-----w- c:\users\JIM\AppData\Local\Mozilla
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 23:29 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-21 22:07 . 2011-01-21 22:07 98304 --sha-r- c:\windows\system32\shsvcsa.dll
2011-01-20 16:37 . 2011-02-10 00:55 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 00:55 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 00:55 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 00:55 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 00:55 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 00:55 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 00:55 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 00:55 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 00:55 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 00:55 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 00:55 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 00:55 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 00:55 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 00:55 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 00:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 00:55 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 00:55 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 00:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 00:55 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 00:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 00:55 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 00:55 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 00:55 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 00:55 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 00:55 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 00:55 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 00:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 00:55 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 09:41 . 2011-01-21 07:12 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D51E9818-2B73-4A4C-A2A2-DD5388ACF390}\mpengine.dll
2011-01-08 08:47 . 2011-02-10 00:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 00:55 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-10 00:56 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-13 00:08 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"WindowsWelcomeCenter "= "oobefldr.dll" [2009-04-11 2153472]
"HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"Memory Improve Master "= "c:\program files\Memory Improve Master\MemoryImproveMaster.exe" [2009-03-16 5095424]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-25 39408]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"AutoStartNPSAgent "= "c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-29 95576]
"TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
"EnableLinkedConnections "= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 00:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 esgiguard;esgiguard; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 136176]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 23:10]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 23:10]
.
2011-03-11 c:\windows\Tasks\HPCeeScheduleForJIM.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-05 21:23]
.
2011-03-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-03-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-03-20 c:\windows\Tasks\User_Feed_Synchronization-{9BC5D058-153B-4C46-BF8C-3C01AEBB7A07}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
FF - ProfilePath - c:\users\JIM\AppData\Roaming\Mozilla\Firefox\Profiles\x8x7ifps.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-DATAMNGR - c:\progra~1\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 16:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_HM121HI rev.LZ100-10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,7b,43,e6,5f,de,5e,4f,8e,a7,36,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,7b,43,e6,5f,de,5e,4f,8e,a7,36,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2011-03-20 16:33:14
ComboFix-quarantined-files.txt 2011-03-20 21:33
.
Pre-Run: 67,238,100,992 bytes free
Post-Run: 67,181,703,168 bytes free
.
- - End Of File - - CCBF9F01BB3207C0A0B7A233AFA759D9

 

Well finally!!!!!! Thanks so much Broni, its been a long time since i could choose a link and it actually goes where its supposed to. What was the cause by the way? I have removed regi cure and am currently downloading mcafee to reinstall and malwarebytes,thank you

Jim

 

OTL logfile created on: 3/20/2011 6:07:31 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\JIM\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 62.39 Gb Free Space | 60.36% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 106.56 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.51 Gb Free Space | 17.99% Space Free | Partition Type: NTFS

Computer Name: JIM-LAPTOP | User Name: JIM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/20 18:04:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JIM\Downloads\OTL.exe
PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/07/29 02:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2010/07/29 02:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/20 18:04:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JIM\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/29 02:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/04/28 17:13:42 | 000,820,488 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\JIM\AppData\Local\Temp\0158571300658685mcinst.exe -- (0158571300658685mcinstcleanup) McAfee Application Installer Cleanup (0158571300658685)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 16:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/13 19:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/03/25 06:09:06 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/03/25 06:09:06 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/03/25 06:09:06 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 18:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-611954044-1544728655-3816644476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-611954044-1544728655-3816644476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/19 20:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/20 17:10:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/20 17:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 22:04:05 | 000,000,000 | ---D | M]

[2011/03/05 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JIM\AppData\Roaming\Mozilla\Extensions
[2010/10/02 05:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JIM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/03/20 03:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JIM\AppData\Roaming\Mozilla\Firefox\Profiles\x8x7ifps.default\extensions
[2011/03/06 10:27:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JIM\AppData\Roaming\Mozilla\Firefox\Profiles\x8x7ifps.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/05 22:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2011/03/20 16:31:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110320170425.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000..\Run: [Memory Improve Master] C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe (Memory Improve Master Studio)
O4 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-611954044-1544728655-3816644476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPSplash.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPSplash.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 21:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 17:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/20 17:04:28 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/03/20 17:04:25 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/03/20 17:04:04 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/03/20 17:04:04 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/03/20 17:04:04 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/03/20 17:04:04 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/03/20 17:04:03 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/03/20 17:04:03 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/03/20 17:04:03 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/03/20 17:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/03/20 16:49:19 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/03/20 16:33:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/20 16:23:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/20 16:23:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/20 16:23:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/20 16:21:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/20 16:07:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/20 16:02:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/20 10:52:34 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Local\HP Guide
[2011/03/13 23:25:07 | 000,000,000 | ---D | C] -- C:\Users\JIM\Desktop\SpyBHORemover
[2011/03/10 19:39:28 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Local\HP
[2011/03/09 02:13:03 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 02:13:03 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 02:13:03 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 02:13:03 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/05 22:04:26 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Local\Mozilla
[2011/03/05 22:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/05 22:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/20 17:29:01 | 000,000,000 | ---D | C] -- C:\Users\JIM\Desktop\google redirect fix
[2010/04/25 19:00:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\JIM\AppData\Roaming\pcouffin.sys
[1 C:\Users\JIM\AppData\Local\*.tmp files -> C:\Users\JIM\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/20 17:21:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/20 17:12:13 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/03/20 16:31:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/20 16:23:28 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/20 16:23:28 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/20 16:19:53 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/03/20 16:19:39 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/20 16:17:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 16:17:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 16:17:18 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/20 16:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/20 10:48:38 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9BC5D058-153B-4C46-BF8C-3C01AEBB7A07}.job
[2011/03/20 10:46:15 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/13 23:24:56 | 003,202,732 | ---- | M] () -- C:\Users\JIM\Desktop\SpyBHORemover.zip
[2011/03/11 18:53:31 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJIM.job
[2011/03/06 22:37:31 | 000,353,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/05 22:04:11 | 000,001,756 | ---- | M] () -- C:\Users\JIM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/05 22:04:11 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Users\JIM\AppData\Local\*.tmp files -> C:\Users\JIM\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/20 17:05:17 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/03/20 16:23:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/20 16:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/20 16:23:16 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/20 16:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/20 16:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/13 23:24:51 | 003,202,732 | ---- | C] () -- C:\Users\JIM\Desktop\SpyBHORemover.zip
[2011/03/05 22:04:11 | 000,001,756 | ---- | C] () -- C:\Users\JIM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/05 22:04:11 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/21 08:08:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/08/21 08:08:56 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/05/25 13:31:49 | 000,006,944 | ---- | C] () -- C:\Users\JIM\AppData\Local\d3d9caps.dat
[2010/04/25 19:02:22 | 000,001,189 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\vso_ts_preview.xml
[2010/04/25 19:00:44 | 000,007,887 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\pcouffin.cat
[2010/04/25 19:00:44 | 000,001,144 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\pcouffin.inf
[2010/03/23 18:30:27 | 000,014,336 | ---- | C] () -- C:\Users\JIM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 22:34:25 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/22 22:34:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/03/22 22:34:23 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/22 22:34:23 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/22 22:34:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/21 22:38:28 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/21 15:24:00 | 000,000,029 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\default.rss
[2010/03/21 15:23:59 | 000,000,000 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\downloads.m3u
[2010/03/19 20:46:43 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/19 20:41:17 | 000,077,349 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/03/19 05:20:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/19 05:18:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/18 21:46:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/18 19:25:33 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2010/03/18 19:23:24 | 000,178,280 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/03/18 19:23:24 | 000,002,428 | R--- | C] () -- C:\Windows\hpwmdl20.dat
[2010/03/17 21:08:04 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/17 21:08:00 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/17 02:54:04 | 000,027,145 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\nvModes.001
[2010/03/17 02:54:00 | 000,027,145 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\nvModes.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/04 21:43:45 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/04 20:33:21 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,353,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/21 08:40:05 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2007/08/04 21:57:23 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/03/20 16:33:14 | 000,059,157 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/03/20 16:17:05 | 3534,213,120 | -HS- | M] () -- C:\pagefile.sys
[2010/05/29 15:56:30 | 000,042,259 | ---- | M] () -- C:\scramble.log
[2011/03/20 12:46:39 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_20.03.2011_12.46.35_log.txt
[2011/03/06 20:58:43 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_06.03.2011_19.58.35_log.txt
[2011/03/06 21:00:12 | 000,063,748 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_06.03.2011_19.59.37_log.txt
[2011/03/09 00:12:09 | 000,063,748 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_08.03.2011_23.11.32_log.txt
[2011/03/14 00:48:14 | 000,063,748 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_14.03.2011_00.47.38_log.txt
[2011/03/14 00:48:29 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_14.03.2011_00.48.23_log.txt
[2011/03/14 00:51:27 | 000,063,748 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_14.03.2011_00.49.42_log.txt
[2011/03/20 13:22:34 | 000,063,748 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_20.03.2011_12.47.32_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/03/19 05:33:56 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/12/03 18:55:24 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2007/04/05 14:53:13 | 000,335,872 | ---- | M] (Nero AG / Nero Inc.) -- C:\WINDOWS\Nero PhotoShow.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/03/18 21:14:24 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/23 21:28:23 | 000,000,286 | -HS- | M] () -- C:\Users\JIM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/06/01 00:50:59 | 001,529,272 | ---- | M] (Audible Inc.) -- C:\Users\JIM\Desktop\ActiveSetupN.exe
[2010/07/14 09:58:00 | 015,345,128 | ---- | M] (AppWork UG (haftungsbeschränkt)) -- C:\Users\JIM\Desktop\JDownloaderSetup_kikin.exe
[2010/04/18 11:12:08 | 306,708,552 | ---- | M] (Nero AG) -- C:\Users\JIM\Desktop\Nero-10.0.13100.exe
[2010/01/05 13:34:54 | 001,676,680 | ---- | M] () -- C:\Users\JIM\Desktop\NeroCleanTool5.0.0.18.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/17 02:14:28 | 000,000,402 | -HS- | M] () -- C:\Users\JIM\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/19 20:47:58 | 000,001,354 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/03/20 16:19:39 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. >

< * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. >

< * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here. >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\JIM\AppData\Local\desktop.ini:13635e3aead5e6fea2d3041b0f413571
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:61B310EE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

 

OTL Extras logfile created on: 3/20/2011 6:07:31 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\JIM\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 62.39 Gb Free Space | 60.36% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 106.56 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.51 Gb Free Space | 17.99% Space Free | Partition Type: NTFS

Computer Name: JIM-LAPTOP | User Name: JIM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-611954044-1544728655-3816644476-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2683B2A4-C821-4033-B8D4-D6738D6022E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3554766B-3156-4534-A8B6-49D8CF127BC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B23BD79-418D-4EF3-BC4E-E203B3722DF2}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{8AAB47C4-3E15-4FD6-892C-FF3ED9BF6E5E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A816265F-12BD-452D-8049-E3E71053A1E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F59AF028-7393-408B-8C62-D17816D391AA}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BC765B-941C-49F9-9126-F9059CA22164}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{093888D1-09CE-47D4-91A8-F1D06A8BDC73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0B9B3163-6BD5-4CFB-AF6D-C0778CE33B0D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{1240B020-2766-4F31-984B-469E1920D83D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{15505D02-6196-4793-B86D-2C06961BF4C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1B7BF93F-3A4B-4DE5-8206-B8F998025463}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1C7D6AB8-7D0B-49DC-9263-82400E120449}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E7CD4B0-5C7B-4182-8E47-908AD1D3631A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1E9006AF-D931-4E2C-B060-9715F227A177}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{22392FE9-CD86-416E-A5E5-449F36355851}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{358B9E50-40E8-4D8D-9FD1-4204630B077D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{3BB432F2-4459-4EDE-B111-FC3603C82C5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{3CE176F6-FE31-44AF-8716-6E963E16C8C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{436459A3-C74A-475C-A62D-E670CE02350C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{452E1521-4A84-4E44-8D38-DB962F8ACD72}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{5FA4CE7E-63AD-48B3-B8FE-DE48F5507772}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{66CFA433-89E4-4B0A-8E53-AFFD1AE7E4E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6C8316B6-AD0C-48AF-9438-081F15684547}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6F94A41A-5419-4806-ADAC-1ACF01465E16}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{7C451580-984C-4DA2-AC1C-254333098356}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{85777A53-A9B8-487C-8BB3-834527BFD7E2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8AEE33E0-21C5-4467-8C82-2F8E63AB2922}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{A6A3531F-7C1C-4CD2-BCD9-A25593F310F3}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A6F39889-49B6-4D77-BFC9-6D546A43C1DE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{AB72CDF8-2103-4853-9E44-7BD37B6ACA85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B7EB56A5-A07A-43D4-9B45-9B6A548EEC74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{BD0C338B-0175-43EB-8E50-502F4F30E264}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD66770E-C9F6-4250-A095-42B33BB1ADA7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD94D72E-C5FE-4253-AC04-483E56C3B1E2}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C38B74DF-49DE-402E-BFD6-B7A7CE932706}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{C8EEF33A-0C33-4578-9BD3-668C3AE42A4D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CD389912-7B92-4E38-BD02-104865A208A4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D2EA8759-FC20-47F7-9003-73E141BAB03D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{DA38B54C-3542-45F8-9AF2-259387529011}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{E230856B-4A8C-467F-93E3-26185C4B5B38}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F0D3AA01-C14B-4029-8521-48A09680C6D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F86521EC-F013-4DEC-8ECF-394A3BA411AD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FA20ED56-15F5-4212-8383-C1783E50B328}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AudibleManager" = AudibleManager
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ieSpell" = ieSpell
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Memory Improve Master_is1" = Memory Improve Master v6.1.2.236
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Planet Earth 3D Screensaver_is1" = Planet Earth 3D Screensaver 1.1
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.6.2056
"VLC media player" = VLC media player 1.1.4
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-611954044-1544728655-3816644476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2011 4:34:24 AM | Computer Name = JIM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.230.5, time stamp 0x4cddca06,
faulting module java.dll, version 6.0.230.5, time stamp 0x4cddfd7f, exception code
0xc0000005, fault offset 0x00004e2f, process id 0xd64, application start time 0x01cbde34c81398a1.

Error - 3/14/2011 1:38:17 AM | Computer Name = JIM-LAPTOP | Source = Perflib | ID = 1010
Description =

Error - 3/14/2011 1:38:17 AM | Computer Name = JIM-LAPTOP | Source = Perflib | ID = 1008
Description =

Error - 3/15/2011 6:55:27 AM | Computer Name = JIM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application wlschost.EXE, version 1.14.6886.1, time stamp
0x4d2b7c92, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000374, fault offset 0x000b06fc, process id 0xebc, application
start time 0x01cbe2ce0ac89910.

Error - 3/20/2011 5:05:18 AM | Computer Name = JIM-LAPTOP | Source = Perflib | ID = 1010
Description =

Error - 3/20/2011 5:13:32 PM | Computer Name = JIM-LAPTOP | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x7e : The specified module
could not be found.

Error - 3/20/2011 5:13:36 PM | Computer Name = JIM-LAPTOP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 3/20/2011 5:13:36 PM | Computer Name = JIM-LAPTOP | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x7e : The specified module
could not be found.

Error - 3/20/2011 5:13:36 PM | Computer Name = JIM-LAPTOP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 3/20/2011 5:15:38 PM | Computer Name = JIM-LAPTOP | Source = Application Hang | ID = 1002
Description = The program PLANET~1.SCR version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13e8 Start Time: 01cbe72507884c2a Termination Time: 0

[ System Events ]
Error - 3/20/2011 11:47:06 AM | Computer Name = JIM-LAPTOP | Source = DCOM | ID = 10016
Description =

Error - 3/20/2011 11:47:25 AM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2011 11:47:43 AM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7022
Description =

Error - 3/20/2011 5:18:19 PM | Computer Name = JIM-LAPTOP | Source = DCOM | ID = 10016
Description =

Error - 3/20/2011 5:18:40 PM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2011 5:18:52 PM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7022
Description =

Error - 3/20/2011 5:23:41 PM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7034
Description =

Error - 3/20/2011 5:24:02 PM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7030
Description =

Error - 3/20/2011 5:28:00 PM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7030
Description =

Error - 3/20/2011 5:31:31 PM | Computer Name = JIM-LAPTOP | Source = Service Control Manager | ID = 7030
Description =


< End of report >