WiredWX Christian Hobby Weather Tools
Windows XP Restore

Earlier, I got the Windows XP Restore Virus on my computer. I put Rkill and Malwarebytes on a flash drive and ran them in safe mode. Rkill wouldn't run, but Malwarebytes did. Below are the logs you requested, plus the log from my first scan of Malwarebytes. I still have the Windows XP Restore icon on my desktop, although it does not pop up with the windows and error messages like it did when I first obtained the virus. What should I do from here? I greatly appreciate any help you are able to provide. Thanks!

OTL logfile created on: 6/12/2011 10:41:09 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Bartholow\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.25 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 53.59% Memory free
4.10 Gb Paging File | 3.06 Gb Available in Paging File | 74.69% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2248 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 4.20 Gb Free Space | 5.65% Space Free | Partition Type: NTFS
Drive D: | 147.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.72 Gb Total Space | 3.47 Gb Free Space | 93.24% Space Free | Partition Type: FAT32

Computer Name: D2FVDQ31 | User Name: Bartholow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 22:39:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bartholow\Desktop\OTL.com
PRC - [2011/06/12 18:43:46 | 001,007,120 | ---- | M] () -- F:\rkill.scr
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
PRC - [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\temp\RarSFX4\nird\iexplore.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/08 18:52:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/02/08 18:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/02/08 18:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxczcoms.exe
PRC - [2007/01/15 14:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/12 14:32:26 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/11/03 08:55:12 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/08/06 18:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/01/10 19:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 22:39:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bartholow\Desktop\OTL.com
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/08 18:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2003/08/06 18:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 19:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2009/09/01 14:34:02 | 000,026,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/01 14:33:52 | 000,025,456 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/03/19 19:51:22 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/28 22:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 22:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/03/21 23:56:22 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/29 18:38:10 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 18:37:36 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 18:31:28 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\beep.sys -- (Beep)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2028

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myembarq.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/26 19:54:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 02:22:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/18 20:26:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110510121308.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Virtual Assistant\SmartBridge\SprintDSLAlert.exe (Sprint)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - Startup: C:\Documents and Settings\Bartholow\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} https://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275756161546 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/BARTHO~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bartholow\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bartholow\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/13 17:09:18 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{cb83640b-0fe0-11d8-8d81-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cb83640b-0fe0-11d8-8d81-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb83640b-0fe0-11d8-8d81-806d6172696f}\Shell\AutoRun\command - "" = D:\langsel.exe -- [2010/03/11 04:16:04 | 001,242,288 | R--- | M] (McAfee, Inc.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\langsel.exe -- [2010/03/11 04:16:04 | 001,242,288 | R--- | M] (McAfee, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\SYSTEM32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8ade8c02-8da6-4ec1-a9ee-ec00ff73ce98} - Internet Explorer Q903235
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.aasc - C:\WINDOWS\System32\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.aflc - C:\WINDOWS\System32\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.afli - C:\WINDOWS\System32\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

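An added triage example, not part of the original post and not OTL's own code: a small Python parser for the bracketed file-entry lines OTL writes in this log (`[date | size | attrs | C/M] (Company) [MD5=...] -- path`), with two of the checks a malware-removal helper makes by eye. The first flags entries whose timestamp lies in the future relative to the scan or that are hidden under %SystemRoot%; the second takes the `< MD5 for: driver.sys >` blocks and compares the live driver in SYSTEM32\DRIVERS against the protected copies in DLLCACHE and ServicePackFiles\i386, the pattern used to spot a patched system driver. The `SAMPLE_LINES` are copied from the OTL output in this thread; the two `disk.sys` lines with all-A and all-B hashes are constructed to show a mismatch and do not come from this machine. `SCAN_TIME` is the start time from the log header.

```python
# Triage helpers for OTL file-entry lines (added example, not OTL's own code).
import re
from datetime import datetime, timedelta

# One OTL entry: [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (Company) [MD5=...] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?P<extra>.*?) -- (?P<path>.+)$"
)
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")

# Time this OTL run started, from the log header.
SCAN_TIME = datetime(2011, 6, 12, 22, 41, 9)

# Sample entries copied from the OTL output posted in this thread.
SAMPLE_LINES = [
    "[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\\WINDOWS\\System32\\natetazu",
    "[2011/06/12 22:42:10 | 000,879,099 | ---- | C] () -- C:\\Documents and Settings\\Bartholow\\Desktop\\SecurityCheck.exe",
    "[2011/06/12 17:11:47 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\\WINDOWS\\System32\\beep.sys",
    "[2010/10/31 15:59:53 | 000,039,008 | -H-- | C] () -- C:\\WINDOWS\\System32\\mlfcache.dat",
    "[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\\WINDOWS\\Driver Cache\\I386\\sp2.cab:atapi.sys",
    "[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\ServicePackFiles\\i386\\atapi.sys",
    "[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\SYSTEM32\\DLLCACHE\\atapi.sys",
    "[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\SYSTEM32\\DRIVERS\\atapi.sys",
    "[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\\WINDOWS\\$NtServicePackUninstall$\\atapi.sys",
]

# Constructed (not from this machine): a live driver whose hash differs from
# its protected copy, the pattern that points at a patched or infected driver.
CONSTRUCTED_MISMATCH = [
    "[2008/04/13 14:40:30 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=" + "A" * 32 + " -- C:\\WINDOWS\\SYSTEM32\\DLLCACHE\\disk.sys",
    "[2011/06/12 17:11:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=" + "B" * 32 + " -- C:\\WINDOWS\\SYSTEM32\\DRIVERS\\disk.sys",
]


def parse_entry(line):
    """Parse one OTL entry into a dict, or return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    md5 = MD5_RE.search(m.group("extra"))
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attr": m.group("attr"),  # R/H/S/D flags, '-' where unset
        "kind": m.group("kind"),  # C = created, M = modified
        "company": (m.group("company") or "").strip(),
        "md5": md5.group(1).upper() if md5 else None,
        "path": m.group("path"),
    }


def triage(lines, scan_time=SCAN_TIME):
    """Return [(path, [reasons])] for entries worth a second look.

    These are leads, not verdicts: a hidden file under %SystemRoot% is unusual
    but not proof of anything (mlfcache.dat trips that rule as well). A one-day
    margin keeps files created while the scan was running from being flagged.
    """
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["ts"] > scan_time + timedelta(days=1):
            reasons.append("timestamp later than the scan time")
        if "H" in e["attr"] and "D" not in e["attr"] and "\\WINDOWS\\" in e["path"].upper():
            reasons.append("hidden file under %SystemRoot%")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


LIVE_DIR = "\\SYSTEM32\\DRIVERS\\"
REFERENCE_DIRS = ("\\SYSTEM32\\DLLCACHE\\", "\\SERVICEPACKFILES\\I386\\")


def check_driver_hashes(lines):
    """Group '< MD5 for: >' entries by file name and compare the live driver
    against the Windows File Protection and service-pack copies.

    Older copies ($NtServicePackUninstall$, the install-media I386 folder)
    legitimately differ, so they are not used as references.
    """
    drivers = {}
    for line in lines:
        e = parse_entry(line)
        if e is None or e["md5"] is None:
            continue
        upath = e["path"].upper()
        name = upath.rsplit("\\", 1)[-1]
        rec = drivers.setdefault(name, {"live": None, "reference": set()})
        if LIVE_DIR in upath:
            rec["live"] = e["md5"]
        elif any(d in upath for d in REFERENCE_DIRS):
            rec["reference"].add(e["md5"])
    for rec in drivers.values():
        rec["ok"] = rec["live"] is not None and rec["reference"] == {rec["live"]}
    return drivers
```

On the lines above, `triage(SAMPLE_LINES)` returns the 2099-dated, hidden `natetazu` entry with both reasons and `mlfcache.dat` with the hidden-file reason only, and `check_driver_hashes(SAMPLE_LINES + CONSTRUCTED_MISMATCH)` reports `ATAPI.SYS` as consistent and the constructed `DISK.SYS` as a mismatch. The hash check only compares copies on the same disk, so a driver replaced together with its DLLCACHE copy would still pass; that is why an MBR/driver check such as aswMBR is run alongside OTL rather than instead of it.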
Re: Windows XP Restore

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 22:41:22 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bartholow\Desktop\aswMBR.exe
[2011/06/12 22:39:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bartholow\Desktop\OTL.com
[2011/06/12 22:15:10 | 000,000,000 | --SD | C] -- C:\commy18813c
[2011/06/12 22:02:49 | 000,000,000 | --SD | C] -- C:\commy
[2011/06/12 21:54:58 | 004,120,119 | R--- | C] (Swearware) -- C:\Documents and Settings\Bartholow\Desktop\commy.exe
[2011/06/12 21:49:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/12 21:49:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bartholow\Start Menu\Programs\Administrative Tools
[2011/06/12 20:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/12 19:04:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bartholow\Recent
[2011/06/12 17:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bartholow\Start Menu\Programs\Windows XP Restore
[2011/06/12 17:11:47 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2010/01/09 19:55:04 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2007/02/08 18:50:37 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczih.exe
[2007/02/08 18:50:33 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcoms.exe
[2007/02/08 18:50:29 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcfg.exe
[2006/12/20 18:08:22 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2006/12/20 18:06:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2006/12/20 18:01:02 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2006/12/20 17:59:22 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2006/12/20 17:58:01 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2006/12/20 17:55:39 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2006/12/20 17:54:52 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2006/12/20 17:54:19 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2006/12/20 17:47:30 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2006/12/20 17:46:49 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2006/12/20 17:42:34 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Bartholow\Desktop\*.tmp files -> C:\Documents and Settings\Bartholow\Desktop\*.tmp -> ]
[27 C:\Documents and Settings\Bartholow\My Documents\*.tmp files -> C:\Documents and Settings\Bartholow\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 22:48:43 | 000,879,099 | ---- | M] () -- C:\Documents and Settings\Bartholow\Desktop\SecurityCheck.exe
[2011/06/12 22:41:25 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bartholow\Desktop\aswMBR.exe
[2011/06/12 22:41:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-149151807-4052898740-1945230209-1008UA.job
[2011/06/12 22:39:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bartholow\Desktop\OTL.com
[2011/06/12 21:55:07 | 004,120,119 | R--- | M] (Swearware) -- C:\Documents and Settings\Bartholow\Desktop\commy.exe
[2011/06/12 20:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/12 20:43:31 | 2414,940,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 19:14:31 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Bartholow\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/12 19:10:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 17:21:53 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Bartholow\Desktop\Windows XP Restore.lnk
[2011/06/12 15:41:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-149151807-4052898740-1945230209-1008Core.job
[2011/06/11 12:24:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bartholow\Desktop\Microsoft Office Word 2003.lnk
[2011/06/10 10:55:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/08 15:14:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 07:43:07 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Bartholow\Desktop\Google Chrome.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Bartholow\Desktop\*.tmp files -> C:\Documents and Settings\Bartholow\Desktop\*.tmp -> ]
[27 C:\Documents and Settings\Bartholow\My Documents\*.tmp files -> C:\Documents and Settings\Bartholow\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\natetazu
[2011/06/12 22:42:10 | 000,879,099 | ---- | C] () -- C:\Documents and Settings\Bartholow\Desktop\SecurityCheck.exe
[2011/06/12 20:43:31 | 2414,940,160 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/12 19:10:06 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Bartholow\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/12 19:10:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 17:21:53 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Bartholow\Desktop\Windows XP Restore.lnk
[2010/11/26 20:58:23 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2010/11/26 19:35:37 | 000,208,384 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/11/26 19:35:37 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010/10/31 15:59:53 | 000,039,008 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/18 15:40:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/18 15:40:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/01 20:01:35 | 000,000,141 | ---- | C] () -- C:\Program Files\drv_30282781.bat
[2010/01/09 19:55:04 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2010/01/09 19:53:49 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2010/01/02 00:01:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/10/09 19:42:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/03/09 22:35:03 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/12/15 20:34:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/12/15 20:34:48 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Bartholow\Application Data\PnkBstrK.sys
[2007/12/15 20:34:47 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/12/15 20:34:24 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/12/15 20:34:23 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2007/09/02 11:30:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/09/02 11:30:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/02 11:26:59 | 000,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/09/02 11:26:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2007/09/02 11:26:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2007/09/02 11:26:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2007/08/26 11:29:33 | 000,000,724 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2007/08/22 19:47:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2007/07/29 10:24:50 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2007/07/29 10:23:01 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\buyurl_gold.dat
[2007/02/14 10:53:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/25 15:42:48 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2006/09/06 16:31:59 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/09/06 16:00:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/09/06 15:58:29 | 000,121,995 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/07/13 20:38:57 | 000,000,053 | ---- | C] () -- C:\WINDOWS\TassWin.INI
[2006/07/13 20:36:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2006/07/13 20:36:51 | 000,766,026 | ---- | C] () -- C:\WINDOWS\System32\ActiveTerra2.dll
[2006/07/13 20:16:57 | 000,001,294 | ---- | C] () -- C:\WINDOWS\Stella.ini
[2006/07/01 21:36:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/01 18:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/11 17:38:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/04/01 21:50:19 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/04/01 20:52:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/03/27 12:19:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2006/03/17 15:29:57 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/01/10 18:11:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2006/01/01 17:02:02 | 000,047,870 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/01 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/12/25 12:10:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/12/25 12:10:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/03 14:47:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Bartholow\Local Settings\Application Data\fusioncache.dat
[2004/10/05 22:20:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/24 19:58:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/04/13 17:23:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/04 19:46:57 | 000,005,779 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/02/02 21:17:42 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Bartholow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/26 20:14:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2003/11/26 19:46:04 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/11/22 15:30:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bartholow\Application Data\dm.ini
[2003/11/10 11:06:49 | 000,000,499 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2003/11/09 18:53:20 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/11/09 15:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/11/05 22:48:01 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/11/05 18:46:36 | 000,000,587 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2003/11/03 09:00:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/03 08:59:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/03 08:52:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/11/03 08:48:26 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/03 08:43:31 | 000,000,889 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/03 08:31:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/11/03 08:28:52 | 000,445,768 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/11/03 08:28:52 | 000,072,974 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/11/03 08:28:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/03 08:13:34 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/02/17 19:00:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2003/02/17 19:00:36 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2003/02/05 13:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 11:05:08 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/12 22:41:25 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bartholow\Desktop\aswMBR.exe
[2011/06/12 21:55:07 | 004,120,119 | R--- | M] (Swearware) -- C:\Documents and Settings\Bartholow\Desktop\commy.exe
[2010/04/25 18:06:20 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bartholow\Desktop\FileFormatConverters.exe
[2010/05/05 19:23:08 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bartholow\Desktop\mbam-setup.exe
[2011/06/12 22:48:43 | 000,879,099 | ---- | M] () -- C:\Documents and Settings\Bartholow\Desktop\SecurityCheck.exe
[3 C:\Documents and Settings\Bartholow\Desktop\*.tmp files -> C:\Documents and Settings\Bartholow\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/12/24 19:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2003/11/03 08:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2007/09/15 17:23:18 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2011/01/05 03:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/07/14 12:32:07 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2006/10/15 00:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2006/10/14 20:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2003/11/03 08:53:37 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2009/04/09 23:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/12/25 11:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2006/09/06 16:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/11/23 12:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Audible
[2006/04/01 20:51:53 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2004/05/17 18:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\Black Isle
[2010/07/02 17:59:28 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/26 19:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/11/03 08:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2003/11/03 08:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/11/26 19:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/06/14 23:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/06/14 23:15:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2003/11/03 08:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/05/24 17:59:24 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2006/11/18 17:26:38 | 000,000,000 | ---D | M] -- C:\Program Files\Dell AIO Printer A940
[2003/11/03 08:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2007/04/13 19:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2003/11/03 08:47:05 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2008/10/09 13:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\DISHMail
[2007/03/30 19:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2003/12/24 22:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2003/11/03 08:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2007/12/15 20:15:41 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/10/09 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2010/07/02 15:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/05/03 22:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2008/05/03 22:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/04/15 21:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\hbinst
[2010/11/26 19:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/11/26 19:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/11/26 19:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2008/06/22 19:29:51 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/11/03 08:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/16 09:20:44 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/02 18:08:24 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/02 18:09:30 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2003/11/03 08:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/07/02 14:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2004/08/02 20:33:24 | 000,000,000 | ---D | M] -- C:\Program Files\Kap.SAT
[2011/05/10 11:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2003/11/03 08:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/01/09 19:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 1200 Series
[2010/01/09 20:53:13 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2007/09/02 11:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2009/04/13 12:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2003/11/26 20:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\LocalAutorun
[2005/04/17 11:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2007/08/22 19:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2011/06/12 19:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2003/11/10 11:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2011/05/21 16:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/05/10 12:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/01/09 20:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2003/11/03 08:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2003/11/03 08:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/04/18 20:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2003/11/03 08:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2010/04/25 18:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/12/24 17:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Live
[2011/04/23 20:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2003/11/03 08:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/04/25 03:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2003/11/03 08:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2003/11/03 08:47:18 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2009/10/09 19:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/12 03:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/03/25 18:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/13 12:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/04/25 18:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2003/11/03 08:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/05/03 22:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/04/24 18:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\MsnMusic
[2003/12/25 12:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/04/15 03:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/02 20:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/01/09 20:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2003/11/03 08:47:11 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2003/11/03 08:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 04:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/02/29 13:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2010/01/02 01:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2008/05/03 22:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Planetarium
[2006/11/12 13:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Portable Media Center
[2010/07/02 18:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2003/11/03 08:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2003/11/09 18:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Red Storm Entertainment
[2009/04/13 12:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2003/11/03 08:48:42 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2007/07/15 10:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\SANYO Digital Camera
[2009/04/10 22:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2003/11/03 08:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/03/09 22:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/03/20 22:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2004/05/20 19:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Succeed
[2010/01/07 17:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2003/11/26 11:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\SurferNETWORK Player
[2004/04/12 19:47:14 | 000,000,000 | ---D | M] -- C:\Program Files\Tracker
[2003/11/09 18:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\ubi.com
[2005/12/25 12:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2005/07/13 03:01:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/15 09:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/10/09 19:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2006/06/09 19:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDub
[2009/04/13 12:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2010/07/02 16:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/01/09 20:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/18 09:46:18 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/23 19:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/02/06 21:46:39 | 000,000,000 | ---D | M] -- C:\Program Files\WordBiz
[2003/11/03 08:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2010/11/26 19:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2010/01/09 20:19:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/01/09 20:19:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 15:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2010/01/09 20:19:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/01/09 20:19:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/01/31 17:43:30 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:disk.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:disk.sys
[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2010/01/09 20:19:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2008/07/17 16:09:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/01/09 20:19:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DLLCACHE\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys
[2002/08/29 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\I386\DISK.SYS

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 07:06:15

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2003/08/09 19:36:02 | 000,045,139 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2003/08/09 19:36:02 | 000,045,139 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Bartholow\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< >

< End of report >

Re: Windows XP Restore
OTL Extras logfile created on: 6/12/2011 10:41:09 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Bartholow\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.25 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 53.59% Memory free
4.10 Gb Paging File | 3.06 Gb Available in Paging File | 74.69% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2248 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 4.20 Gb Free Space | 5.65% Space Free | Partition Type: NTFS
Drive D: | 147.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.72 Gb Total Space | 3.47 Gb Free Space | 93.24% Space Free | Partition Type: FAT32

Computer Name: D2FVDQ31 | User Name: Bartholow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\SYSTEM32\lxczcoms.exe" = C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{386B44E0-AF56-11D5-8125-00105A533D72}" = Digital PhotoShot 5.02
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AB8C3502-1033-4B94-98DD-087D19BF72A3}" = Portable Media Center
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B775508A-4420-4D47-B408-918427CE0616}" = HP Photosmart Cameras 4.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB46245B-CECA-406F-8790-3ABA0D01012F}" = Roxio VideoWave Movie Creator
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2276CCD-7998-463D-8240-A1A3F58B0FA3}" = Oblivion - Fighter's Stronghold
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C5E211F5-7E9A-4D0A-88F0-D5E1FB849ABA}" = ATI Catalyst Control Center
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAA73A2-D445-4b67-BC9E-E0428B6DDBCC}" = CameraDrivers
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}" = Interactive User’s Guide
"{E78DAA24-38F8-4D35-B732-B18ABA0424DF}" = Microsoft Office Live Image Uploader
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.62
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell AIO Printer A940" = Dell AIO Printer A940
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DISH Optimizer_is1" = DISH Optimizer Ver 2008-05-01
"EMBARQ Help Online" = EMBARQ Help Online
"EMBARQ Remote Control" = EMBARQ Remote Control
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy Arcade" = GameSpy Arcade
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo & Imaging" = HP Image Zone 4.5
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"MSC" = McAfee AntiVirus Plus
"MSN Music Assistant" = MSN Music Assistant
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"Planetarium" = Planetarium
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"PunkBusterSvc" = PunkBuster Services
"Q903235" = Internet Explorer Q903235
"RealPlayer 6.0" = RealOne Player
"SANYO Digital Camera Driver" = SANYO Digital Camera Driver
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Sprint.MccInstall" = CenturyLink Help
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SurferNETWORK Player" = SurferNETWORK Player
"SysInfo" = Creative System Information
"The Sims" = The Sims
"Touch The Sky" = Touch The Sky
"Universal Media Player" = Universal Media Player
"Unofficial Official Mods Patch_is1" = Unofficial Official Mods Patch v11
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Usmleworld Step1 QBank" = Usmleworld Step1 QBank

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Windows XP Restore
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-12 22:59:46
-----------------------------
22:59:46.811 OS Version: Windows 5.1.2600 Service Pack 3
22:59:46.811 Number of processors: 2 586 0x209
22:59:46.811 ComputerName: D2FVDQ31 UserName:
22:59:52.015 Initialize success
23:00:03.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:00:03.015 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
23:00:05.046 Disk 0 MBR read successfully
23:00:05.046 Disk 0 MBR scan
23:00:05.046 Disk 0 Windows XP default MBR code
23:00:07.062 Disk 0 scanning sectors +156232125
23:00:07.078 Disk 0 scanning C:\WINDOWS\system32\drivers
23:00:22.922 Service scanning
23:00:24.031 Disk 0 trace - called modules:
23:00:24.031 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a4921ed]<<
23:00:24.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4f6ab8]
23:00:24.031 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4d4d98]
23:00:24.031 \Driver\atapi[0x8a4d54a8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a4921ed
23:00:24.031 Scan finished successfully
23:01:06.563 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bartholow\Desktop\MBR.dat"
23:01:06.579 The log file has been saved successfully to "C:\Documents and Settings\Bartholow\Desktop\aswMBR.txt"

Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
McAfee AntiVirus Plus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Java 2 Runtime Environment, SE v1.4.2
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

Re: Windows XP Restore
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6844

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/12/2011 8:41:54 PM
mbam-log-2011-06-12 (20-41-54).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 324998
Time elapsed: 1 hour(s), 14 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NCQftnHgDltsBD (Trojan.FakeAlert) -> Value: NCQftnHgDltsBD -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ncqftnhgdltsbd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\bartholow\local settings\temp\1A5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\bartholow\local settings\temp\1A6.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\bartholow\local settings\temporary internet files\Content.IE5\518LMBEE\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\17511.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\74656.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\7761AD.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\beep.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\11FE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\208D.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\4084.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\5753.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\646C.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\833B.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\8EA0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\DAC0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\20176676.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Windows XP Restore
Hi sbart and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

It looks like the rogue has already been bashed by MBAM - which is good.

The Windows XP Restore shortcut that remains on your desktop is harmless; you can delete it safely.

Your aswMBR log worries me a bit; it appears not to be clean. When you run the scan, some of the lines appear in red, correct?

Do you have a Windows XP setup disk?

Re: Windows XP Restore
Thank you very much for your quick reply!

Some of the lines do appear red. These ones do.

08:47:36.768 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a4921ed]<<
08:47:36.768 \Driver\atapi[0x8a4d54a8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a4921ed

This computer is 9 years old. I will have to search for the Windows XP setup disk. What do the red lines mean?

I ran Malwarebytes again. This is the second log.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6844

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2011 8:42:27 AM
mbam-log-2011-06-13 (08-42-27).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 331146
Time elapsed: 5 hour(s), 23 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bartholow\Local Settings\Application Data\iap.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP321\A0038962.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP321\A0038963.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP321\A0038964.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP321\A0038965.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP321\A0038966.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Re: Windows XP Restore
The red lines mean you have a MBR infection. The 100% safe way to get rid of that is with your original Windows XP setup disk. This infection is pretty hard to remove.

You can try this:

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Once the scan finishes click Fix to fix the infected MBR

Without rebooting, proceed with:

  • Download TDSSKiller by Kaspersky from here and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


After that reboot and run aswMBR again, scan and post that log here.
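
As an added illustration (not code from this thread, from aswMBR or from Kaspersky), a small Python parser that applies the helper's rule to the "Disk 0 trace" block of an aswMBR log: an UNKNOWN module in the disk call chain, or a driver dispatch entry that resolves to a bare address instead of a module name, marks the log as not clean. The two infected samples are the trace blocks posted in this thread; the clean sample is constructed on the assumption that an unhooked atapi dispatch entry resolves to the named driver image.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the "Disk 0 trace" block of the first aswMBR log in this thread,
# captured before any remediation. The >>UNKNOWN<< marker and the bare address at the
# end of the atapi line are the lines aswMBR paints red.
BEFORE_FIXMBR = r"""23:00:24.031 Disk 0 trace - called modules:
23:00:24.031 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a4921ed]<<
23:00:24.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4f6ab8]
23:00:24.031 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4d4d98]
23:00:24.031 \Driver\atapi[0x8a4d54a8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a4921ed
23:00:24.031 Scan finished successfully
"""

# Constructed sample: the same block from the rescan posted after FixMbr was run.
AFTER_FIXMBR = r"""08:15:25.781 Disk 0 trace - called modules:
08:15:25.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ad051ed]<<
08:15:25.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adc9ab8]
08:15:25.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad63b00]
08:15:25.812 \Driver\atapi[0x8adcc9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8ad051ed
08:15:25.812 Scan finished successfully
"""

# Constructed sample of a clean trace (assumption: on an unhooked system the atapi
# dispatch entry resolves to the named driver image rather than to a bare address).
CLEAN_TRACE = r"""09:00:00.000 Disk 0 trace - called modules:
09:00:00.000 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys
09:00:00.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adc9ab8]
09:00:00.000 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad63b00]
09:00:00.000 \Driver\atapi[0x8adcc9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> atapi.sys
09:00:00.000 Scan finished successfully
"""

# ">>UNKNOWN [0x...]<<" in the called-modules line: code that belongs to no loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\<name>[0x...] -> IRP_MJ_... -> <target>": a driver's dispatch entry and where it points.
DISPATCH_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (\S+)")
BARE_ADDR_RE = re.compile(r"0x[0-9a-fA-F]+")


@dataclass
class TraceFinding:
    unknown_address: Optional[str] = None
    hooked: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver, irp, target)
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def analyze_trace(log_text: str) -> TraceFinding:
    """Flag the two red-line symptoms: an UNKNOWN module in the disk call chain, and a
    driver dispatch routine that resolves to a bare address instead of a module name."""
    finding = TraceFinding()
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:
            finding.unknown_address = m.group(1).lower()
            finding.reasons.append(
                f"disk stack calls code outside every loaded module at {finding.unknown_address}")
        m = DISPATCH_RE.search(line)
        if m:
            driver, irp, target = m.groups()
            if BARE_ADDR_RE.fullmatch(target):
                finding.hooked.append((driver, irp, target.lower()))
                finding.reasons.append(f"{driver} {irp} handler points at bare address {target.lower()}")
    return finding


def rescan_verdict(before: str, after: str) -> str:
    """Compare the trace block before and after a remediation step."""
    b, a = analyze_trace(before), analyze_trace(after)
    if not b.suspicious:
        return "baseline scan showed nothing suspicious"
    if a.suspicious:
        return (f"still hooked after remediation (unknown code moved from "
                f"{b.unknown_address} to {a.unknown_address}); the MBR rewrite did not clear it")
    return "hook gone after remediation; confirm with a second rootkit scanner"


if __name__ == "__main__":
    for name, text in (("before FixMbr", BEFORE_FIXMBR), ("after FixMbr", AFTER_FIXMBR), ("clean", CLEAN_TRACE)):
        f = analyze_trace(text)
        print(f"{name}: {'SUSPICIOUS' if f.suspicious else 'clean'}")
        for r in f.reasons:
            print("   -", r)
    print(rescan_verdict(BEFORE_FIXMBR, AFTER_FIXMBR))
```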

Re: Windows XP Restore
I found the Windows XP Home Edition Reinstallation CD last evening. If this is what I need, please let me know what to do next to be 100% safe. You are correct. I believe my computer is still infected. When I turned it on and opened the web browser last evening, it redirected to a website called Scour (which I know is bad), and then started playing random sound clips. At this time, I am posting this from a different computer. Please let me know what I should do next now that I found the CD, and whether or not I should still be doing this in safe mode. Thanks again for your help!

Re: Windows XP Restore
  • Put the Windows XP setup disk in the disk drive, restart the computer and boot from the disk.
  • In the Welcome to Setup screen, hit R to start the Recovery Console
  • Select the installation that you want to repair (typically there will be only one)
  • You will have to enter the Administrator password when prompted (hit Enter if the admin account does not have a password)
  • At the command prompt type FixMbr and hit Enter.
  • Type exit and hit Enter to reboot your computer normally (remove the Windows XP setup disk).

NOTE: if you don't know how to make your computer boot from a disk, check out this page.

====================

After that reboot and run aswMBR again, scan and post that log here.

Re: Windows XP Restore
When I get to the FixMBR point, it gives me a "Caution: this computer appears to have a non-standard or invalid master boot record. FIX MBR may damage your partition tables if you proceed...are you sure you want to write a new MBR?"
Please let me know if I am doing something incorrectly.

Re: Windows XP Restore
You are doing fine.

This computer indeed appears to have a "non-standard or invalid master boot record" - it has a master boot record that is infected with a bootkit :p

Yes, there is a little risk in writing a new MBR, but it is the only way of getting rid of the infected MBR.

Re: Windows XP Restore
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 08:13:37
-----------------------------
08:13:37.656 OS Version: Windows 5.1.2600 Service Pack 3
08:13:37.656 Number of processors: 2 586 0x209
08:13:37.656 ComputerName: D2FVDQ31 UserName:
08:14:18.828 Initialize success
08:14:23.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:14:23.515 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
08:14:25.859 Disk 0 MBR read successfully
08:14:25.859 Disk 0 MBR scan
08:14:25.859 Disk 0 Windows XP default MBR code
08:14:28.281 Disk 0 scanning sectors +156232125
08:14:28.546 Disk 0 scanning C:\WINDOWS\system32\drivers
08:15:21.781 Service scanning
08:15:25.781 Disk 0 trace - called modules:
08:15:25.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ad051ed]<<
08:15:25.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adc9ab8]
08:15:25.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad63b00]
08:15:25.812 \Driver\atapi[0x8adcc9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8ad051ed
08:15:25.812 Scan finished successfully
08:15:45.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bartholow\Desktop\MBR.dat"
08:15:45.062 The log file has been saved successfully to "C:\Documents and Settings\Bartholow\Desktop\aswMBRnew.txt"


Re: Windows XP Restore
Hmmm... when you do the scan, some of the aswMBR lines appear in red, correct?

Let's try another rootkit scan.

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.

Re: Windows XP Restore
Yes, we still have red lines. Below is the text from the GMER scan.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-15 21:23:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L090AVV207-0 rev.V23OA66A
Running: 5mpujn5z.exe; Driver: C:\DOCUME~1\BARTHO~1\LOCALS~1\Temp\pxlyapob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF745FD70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF745FD84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF745FDB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF745FE06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF745FD5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF745FD34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF745FD48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF745FD9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF745FDDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF745FDC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF745FE30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF745FE1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF745FDF0]
Code 220864C0 IoReportHalResourceUsage
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F7622BD0 4 Bytes [82, AA, 4D, 80]
INITc VolSnap.sys F7622BF8 4 Bytes [E6, 7D, 4E, 80]
INITc VolSnap.sys F7622C21 3 Bytes [C4, 4D, 80] {LES ECX, DWORD [EBP-0x80]}
INITc VolSnap.sys F7622C48 4 Bytes [96, 34, 4E, 80]
INITc VolSnap.sys F7622C70 4 Bytes [F6, 14, 4E, 80]
INITc ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FEF
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091001B
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0090007D
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900F92
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0090006C
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900FAF
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FCA
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009000A9
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900098
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009000F0
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009000D5
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00900F3C
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900051
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0090001B
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F77
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900FE5
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0090002C
.text C:\WINDOWS\System32\svchost.exe[424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009000BA
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30022
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30069
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30011
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30000
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30FB6
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C3004E
.text C:\WINDOWS\System32\svchost.exe[424] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30033
.text C:\WINDOWS\System32\svchost.exe[424] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20040
.text C:\WINDOWS\System32\svchost.exe[424] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20025
.text C:\WINDOWS\System32\svchost.exe[424] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FC6
.text C:\WINDOWS\System32\svchost.exe[424] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20000
.text C:\WINDOWS\System32\svchost.exe[424] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FB5
.text C:\WINDOWS\System32\svchost.exe[424] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\System32\svchost.exe[424] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[424] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00920FDE
.text C:\WINDOWS\System32\svchost.exe[424] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00920014
.text C:\WINDOWS\System32\svchost.exe[424] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00920FCD
.text C:\WINDOWS\System32\svchost.exe[424] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AA0FCA
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A9006C
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A90F77
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A90F94
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A90FAF
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A90036
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A900A9
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A90098
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A90F10
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A90F2B
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A900CE
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A90051
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A90FD4
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A90087
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A90025
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A90014
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A90F46
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC002F

Re: Windows XP Restore
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0076
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0FAF
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AC0051
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0040
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0038
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0027
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FC1
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0016
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E0FD4
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006D0068
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006D0057
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006D0F7F
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006D0F90
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006D0FB2
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006D008A
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006D0F4E
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D00C7
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D00B6
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006D0F09
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006D0FA1
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006D0079
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006D0FC3
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006D0FD4
.text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006D009B
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00710FB9
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00710F61
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00710FD4
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00710FE5
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00710F72
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00710000
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00710F83
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [91, 88]
.text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00710F9E
.text C:\WINDOWS\System32\svchost.exe[772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0070004E
.text C:\WINDOWS\System32\svchost.exe[772] msvcrt.dll!system 77C293C7 5 Bytes JMP 0070003D
.text C:\WINDOWS\System32\svchost.exe[772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00700FDE
.text C:\WINDOWS\System32\svchost.exe[772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00700FCD
.text C:\WINDOWS\System32\svchost.exe[772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00700018
.text C:\WINDOWS\System32\svchost.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DE0014
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0F6D
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0058
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0F8A
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0F9B
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0033
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F2B
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F3C
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD0EF5
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD008E
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD00A9
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0FAC
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD0011
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD0073
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD0022
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD0FD1
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD0F1A
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E60025
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E60FA8
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E60FD4
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E6005B
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E60FC3
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [06, 89]
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E6004A
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E5002E
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E5001D
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E50FC8
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E5000C
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E50FAD
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E7001B
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00E7002C
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01660000
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01660FEF
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01660025
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016B0FE5
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 016B007D
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 016B0062
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 016B0051
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 016B0F94
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 016B002C
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 016B0F41
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 016B0F52
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016B00A4
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016B0F0B
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016B00BF
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 016B0FA5
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 016B0FD4
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 016B0F6D
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 016B0011
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 016B0000
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 016B0F26
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 016A0FDB
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 016A0065
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 016A0022
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 016A0011
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 016A0F9E
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 016A0000
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 016A0FAF
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8A, 89]
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 016A0FC0
.text C:\WINDOWS\system32\services.exe[1064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01690FB4
.text C:\WINDOWS\system32\services.exe[1064] msvcrt.dll!system 77C293C7 5 Bytes JMP 0169003F
.text C:\WINDOWS\system32\services.exe[1064] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0169001D
.text C:\WINDOWS\system32\services.exe[1064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0169000C
.text C:\WINDOWS\system32\services.exe[1064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0169002E
.text C:\WINDOWS\system32\services.exe[1064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01690FE3
.text C:\WINDOWS\system32\services.exe[1064] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 01670FEF
.text C:\WINDOWS\system32\services.exe[1064] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0167000A
.text C:\WINDOWS\system32\services.exe[1064] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01670FD4
.text C:\WINDOWS\system32\services.exe[1064] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01670FC3
.text C:\WINDOWS\system32\services.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01680000
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F50FDE
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F50014
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F900A4
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90093
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90076
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90065
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FC3
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90F68
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F79
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900E6
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F4D
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F90F32
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F9004A
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90F8A
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F9002F
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900CB
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80F83
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F94
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80036
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70049
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70038
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70FE3
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FC8
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F7001D
.text C:\WINDOWS\system32\lsass.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006E001B
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006D0082
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006D0067
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006D0F8D
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006D0F9E
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006D0FC0
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006D00C4
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006D00A9
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D00F0
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D00DF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006D0F46
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006D0FAF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006D0025
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006D0F72
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006D0036
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006D0F61
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00710036
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00710FA5
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00710025
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0071000A
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00710062
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00710FEF
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00710FC0
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [91, 88]
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00710047
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00700FAF
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!system 77C293C7 5 Bytes JMP 00700044
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00700029
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00700018
.text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE008B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE007A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0FA0
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0069
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0058
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F54
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F65
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE00C8
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00AD
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00ED
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FD1
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE009C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE003D
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F39
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20040
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C2006F
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20FA8
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20FC3
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10F97
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FD2
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DF001B
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DF0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DE0F61
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DE0F72
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DE0F83
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DE0040
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DE002F
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DE0F35
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DE0F46
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DE0EEE
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DE0EFF
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DE0098
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE0FA8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DE0071
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DE0014
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DE0FC3
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE0F10
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E20040
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E20025
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E20076
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E2005B
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E1002C
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E10FAB
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10011
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10FBC
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02940000
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0294001B
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02940FDB
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02930FE5
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02930F72
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02930F83
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02930051
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02930F94
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02930FC0
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02930082
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02930F46
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029300AE
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02930F15
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02930EFA
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02930FAF
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02930000
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02930F61
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0293002C
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02930011
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02930093
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05030025
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05030065
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05030FCA
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05030000
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0503004A
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05030FE5
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 05030FA8
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [23, 8D]
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05030FB9
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05020F9E
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!system 77C293C7 5 Bytes JMP 05020FC3
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05020018
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05020FEF
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05020033
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05020FDE
.text C:\WINDOWS\System32\svchost.exe[1496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 04F10000
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04F00000
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04F00FE5
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 04F00FCA
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 04F00FAF
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640FCA
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0063006E
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F83
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0063005D
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F43
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630F54
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006300C4
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F21
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630F10
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630F9E
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0063007F
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630014
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F32
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FC0
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660F8A
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FDB
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660FA5
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660047
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0065004E
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 0065003D
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650022
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FE3
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0092001B
.text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910000
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910093
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910F94
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910078
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0091005B
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910036
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F52
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910F79
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F37
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009100C6
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009100E1
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910FAF
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FE5
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009100A4
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FC0
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910011
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009100B5
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950FB2
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00950043
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00950FC3
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00950FDE
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00950F90
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00950FEF
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00950FA1
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B5, 88] {MOV CH, 0x88}
.text C:\WINDOWS\System32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00950028
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940FA6
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940031
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940FD2
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940FEF
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940FC1
.text C:\WINDOWS\System32\svchost.exe[1596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0094000C
.text C:\WINDOWS\System32\svchost.exe[1596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 020B0000
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 020B0022
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 020B0011
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01F50FEF
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01F50065
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01F50054
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01F50F7C
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01F50F8D
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01F5002F
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01F50F55
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01F5009D
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01F50F30
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01F500C9
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01F500E4
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01F50FA8
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01F50FD4
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01F50080
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01F50FB9
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01F5000A
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01F500B8
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B00036
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B00F79
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B00025
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B00FEF
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B00F94
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B0000A
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B00FAF
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D0, 8A]
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B00FCA
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02A90FBE
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!system 77C293C7 5 Bytes JMP 02A90053
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02A90FE3
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02A9000C
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02A90038
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02A9001D
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 020D000A
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 020D001B
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 020D0FE5
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 020D0FCA
.text C:\WINDOWS\Explorer.EXE[1772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02A80FE5
.text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A40011
.text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A3007D
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A3006C
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A30051
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A30F9E
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A300AB
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A3009A
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A30F2D
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A300C6
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A30F12
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A30025
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A30F63
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A30014
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A30FC3
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A30F48
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A7001B
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A70F80
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A70FD4
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A7003D
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A70FA5
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C7, 88]
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A7002C
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A6005D
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A60FC8
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A60038
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A60FD9
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A6001D
.text C:\WINDOWS\system32\svchost.exe[1800] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\System32\svchost.exe[2056] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\System32\svchost.exe[2056] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\System32\svchost.exe[2056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C5001B
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C4000A
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C40076
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40F8B
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C40F9C
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C4005B
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40040
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C400A4
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C40093
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C400E1
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C400D0
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C40F2D
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C40FB9
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C4001B
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40F66
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C400B5
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CB0025
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CB0065
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CB0FA8
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CB000A
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CB0040
.text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CB0FC3
.text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0064
.text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0053
.text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA0027
.text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA000C
.text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0042
.text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\internet explorer\iexplore.exe[2300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015002C
.text C:\Program Files\internet explorer\iexplore.exe[2300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002B0000
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002B00AB
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002B009A
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002B0089
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002B006C
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002B0040
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002B0F74
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002B0F9B
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002B00FC
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002B0F59
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002B0F48
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002B0051
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002B0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002B00C6
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002B001B
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002B0FCA
.text C:\Program Files\internet explorer\iexplore.exe[2300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002B00D7
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0FA8
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0F61
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A0FB9
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0FD4
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A0F7C
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0FE5
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 003A0F8D
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5A, 88]
.text C:\Program Files\internet explorer\iexplore.exe[2300] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A0014
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003B0053
.text C:\Program Files\internet explorer\iexplore.exe[2300] msvcrt.dll!system 77C293C7 5 Bytes JMP 003B0FBE
.text C:\Program Files\internet explorer\iexplore.exe[2300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003B0FE3
.text C:\Program Files\internet explorer\iexplore.exe[2300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003B000C
.text C:\Program Files\internet explorer\iexplore.exe[2300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003B002E
.text C:\Program Files\internet explorer\iexplore.exe[2300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B001D
.text C:\Program Files\internet explorer\iexplore.exe[2300] wininet.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00F16A90
.text C:\Program Files\internet explorer\iexplore.exe[2300] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00F16C90
.text C:\Program Files\internet explorer\iexplore.exe[2300] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D60FEF
.text C:\Program Files\internet explorer\iexplore.exe[2300] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D60FD4
.text C:\Program Files\internet explorer\iexplore.exe[2300] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D60FB9
.text C:\Program Files\internet explorer\iexplore.exe[2300] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00D60F9E
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E9000A
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0059000A
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00510FEF
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0058000A
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E1000A
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E8000A
.text C:\Program Files\internet explorer\iexplore.exe[2300] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0057000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\internet explorer\iexplore.exe[2472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCD
.text C:\Program Files\internet explorer\iexplore.exe[2472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FDE
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002B0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002B0F8A
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002B007F
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002B006E
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002B0051
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002B0025
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002B00A1
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002B0090
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002B0F20
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002B00C3
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002B00D4
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002B0036
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002B0FDE
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002B0F65
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002B0014
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002B0FC3
.text C:\Program Files\internet explorer\iexplore.exe[2472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002B00B2
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0FA8
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A004A
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A0FB9
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0FD4
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A0F8D
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0FE5
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 003A002F
.text C:\Program Files\internet explorer\iexplore.exe[2472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A0014
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003B0042
.text C:\Program Files\internet explorer\iexplore.exe[2472] msvcrt.dll!system 77C293C7 5 Bytes JMP 003B0FB7
.text C:\Program Files\internet explorer\iexplore.exe[2472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003B0FD2
.text C:\Program Files\internet explorer\iexplore.exe[2472] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003B0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003B0027
.text C:\Program Files\internet explorer\iexplore.exe[2472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B000C
.text C:\Program Files\internet explorer\iexplore.exe[2472] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 10022D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetCloseHandle 3D949088 5 Bytes JMP 10022C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00F16A90
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 10022EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10022FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00F16C90
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D60FEF
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D60FCA
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D6000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00D6001B
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E5000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E2000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00530FEF
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E1000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E3000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E4000A
.text C:\Program Files\internet explorer\iexplore.exe[2472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01020000
.text C:\Program Files\internet explorer\iexplore.exe[2824] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01020FD4
.text C:\Program Files\internet explorer\iexplore.exe[2824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01020FE5
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010000
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01010098
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0101007D
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01010FA3
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01010062
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01010036
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010100EB
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010100CE
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01010110
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01010F77
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01010F52
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01010047
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01010FDB
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010100BD
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01010011
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01010FC0
.text C:\Program Files\internet explorer\iexplore.exe[2824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01010F92
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01060025
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01060062
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01060FD4
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01060FE5
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01060051
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0106000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01060FAF
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 89]
.text C:\Program Files\internet explorer\iexplore.exe[2824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01060036
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01050F86
.text C:\Program Files\internet explorer\iexplore.exe[2824] msvcrt.dll!system 77C293C7 5 Bytes JMP 01050011
.text C:\Program Files\internet explorer\iexplore.exe[2824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01050FB5
.text C:\Program Files\internet explorer\iexplore.exe[2824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01050FEF
.text C:\Program Files\internet explorer\iexplore.exe[2824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01050000
.text C:\Program Files\internet explorer\iexplore.exe[2824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01050FD2
.text C:\Program Files\internet explorer\iexplore.exe[2824] wininet.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B26A90
.text C:\Program Files\internet explorer\iexplore.exe[2824] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B26C90
.text C:\Program Files\internet explorer\iexplore.exe[2824] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 0103000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01030025
.text C:\Program Files\internet explorer\iexplore.exe[2824] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01030FEF
.text C:\Program Files\internet explorer\iexplore.exe[2824] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01030040
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E2000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DF000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0104000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DE000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E0000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E1000A
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\internet explorer\iexplore.exe[3552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FDB
.text C:\Program Files\internet explorer\iexplore.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015001B
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002B0FEF
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002B0FB7
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002B0FC8
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002B00A2
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002B0087
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002B0051
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002B0F7F
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002B00C7
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002B00E2
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002B0F53
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002B0F24
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002B006C
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002B0014
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002B0F9C
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002B0036
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002B0025
.text C:\Program Files\internet explorer\iexplore.exe[3552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002B0F64
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0FC3
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0076
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A0FDE
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0014
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A005B
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0FEF
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 003A004A
.text C:\Program Files\internet explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A0039
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003B002F
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!system 77C293C7 5 Bytes JMP 003B0FA4
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003B0FC6
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003B0000
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003B0FB5
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B0FD7
.text C:\Program Files\internet explorer\iexplore.exe[3552] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 10022D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetCloseHandle 3D949088 5 Bytes JMP 10022C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00F16A90
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 10022EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10022FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00F16C90
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C60000
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C60011
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C60FE5
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00C60FC0
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E4000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E1000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0052000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0059000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E2000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E3000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0058000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[656] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[656] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\internet explorer\iexplore.exe[2472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:136] 8AD09E7A
Thread System [4:140] 8AD0C008

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 19
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 18
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}@PK3IM51V2WPW5YOPIRJ365XEIG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}
Reg HKLM\SOFTWARE\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Bartholow\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{08833CB4-9787-11E0-9215-00038A000015}.dat 10752 bytes

---- EOF - GMER 1.0.15 ----
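
As an added example (not code from GMER, ComboFix or any poster in this thread), a small triage script for the `.text ... JMP ...` lines above: it separates hooks whose JMP target GMER could attribute to a module (IEFRAME.dll, McAfee's mcieplg.dll) from hooks that jump into anonymous memory, which are the ones a helper wants explained first. The sample lines are copied from the log; the list of "sensitive" APIs is my own choice, not anything the tools define.

```python
"""Triage of GMER user-mode inline hooks (the ".text ... JMP ..." lines).

Added example for this thread; it is not code from GMER, ComboFix or any
poster. It separates hooks whose JMP target GMER could attribute to a module
from hooks that jump into anonymous memory, which are the ones to explain
first when deciding whether a log is clean.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^\s!]+)!(?P<function>\S+) "
    r"(?P<address>[0-9A-Fa-f]+) (?P<length>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)"
    r"(?: (?P<owner>.+?) \((?P<vendor>[^()]*)\))?$"
)

# APIs a helper checks first when the hook owner is unknown (my own short list,
# keyed by lower-cased module name): network I/O, process creation, file access.
SENSITIVE = {
    "ws2_32.dll": {"send", "recv", "connect", "gethostbyname", "getaddrinfo"},
    "wininet.dll": {"InternetOpenUrlA", "InternetOpenUrlW",
                    "HttpAddRequestHeadersA", "HttpAddRequestHeadersW"},
    "kernel32.dll": {"CreateProcessA", "CreateProcessW", "WinExec"},
    "ntdll.dll": {"NtCreateFile", "NtCreateProcess", "NtProtectVirtualMemory"},
}

# Constructed sample: a handful of lines copied from the log above plus one
# IAT line, which is not an inline hook and must be skipped by the parser.
SAMPLE_LOG = r""".text C:\Program Files\internet explorer\iexplore.exe[3552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\internet explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3552] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 10022D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E2000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0058000A
.text C:\Program Files\internet explorer\iexplore.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B0FD7
.text C:\Program Files\internet explorer\iexplore.exe[2824] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DE000A
IAT C:\WINDOWS\system32\mfevtps.exe[656] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
"""


def parse_hook(line):
    """Parse one GMER user-mode hook line; return None for any other line."""
    match = HOOK_RE.match(line.strip())
    if not match:
        return None
    hook = match.groupdict()
    for field in ("pid", "length"):
        hook[field] = int(hook[field])
    for field in ("address", "target"):
        hook[field] = int(hook[field], 16)
    hook["attributed"] = hook["owner"] is not None
    hook["sensitive"] = hook["function"] in SENSITIVE.get(hook["module"].lower(), set())
    return hook


def triage(log_text):
    """Group hooks per (process, pid) and collect the unattributed ones.

    Anonymous targets are also bucketed by 64 KiB region (target >> 16): a
    hooking engine normally lands all of its trampolines in a few regions, so
    the count hints at how many separate code blobs own the hooks.
    """
    report = {}
    for line in log_text.splitlines():
        hook = parse_hook(line)
        if hook is None:
            continue
        entry = report.setdefault((hook["process"], hook["pid"]), {
            "total": 0, "unattributed": [], "owners": set(),
            "regions": defaultdict(int),
        })
        entry["total"] += 1
        if hook["attributed"]:
            entry["owners"].add(hook["vendor"])
        else:
            entry["unattributed"].append(hook)
            entry["regions"][hook["target"] >> 16] += 1
    return report


def format_report(report):
    """Render the triage as text, processes with most anonymous hooks first."""
    lines = []
    ordered = sorted(report.items(), key=lambda kv: -len(kv[1]["unattributed"]))
    for (process, pid), entry in ordered:
        lines.append(f"{process}[{pid}]: {entry['total']} hooks, "
                     f"{len(entry['unattributed'])} without an owning module, "
                     f"{len(entry['regions'])} anonymous target region(s)")
        for hook in entry["unattributed"]:
            flag = "  <- sensitive API" if hook["sensitive"] else ""
            lines.append(f"    {hook['module']}!{hook['function']} -> "
                         f"{hook['target']:08X}{flag}")
        if entry["owners"]:
            lines.append("    attributed to: " + ", ".join(sorted(entry["owners"])))
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(triage(SAMPLE_LOG))))
```

Run it against a full GMER log (`triage(open("gmer.log").read())`) to get the same per-process summary; an anonymous hook on a socket or process-creation API is a reason to ask which product placed it, not proof of infection by itself.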

Re: Windows XP Restore
Nothing in the GMER log that worries me.

I'm a bit surprised by the aswMBR log. You performed the fixmbr command from the recovery console, right? There were no errors and all went fine?

Re: Windows XP Restore
Yes, I tried this again and all went well. Below is the subsequent aswMBR scan (still with red lines).

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-16 22:46:44
-----------------------------
22:46:44.828 OS Version: Windows 5.1.2600 Service Pack 3
22:46:44.828 Number of processors: 2 586 0x209
22:46:44.828 ComputerName: D2FVDQ31 UserName:
22:46:46.312 Initialize success
22:46:48.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:46:48.000 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
22:46:48.031 Disk 0 MBR read successfully
22:46:48.031 Disk 0 MBR scan
22:46:48.031 Disk 0 Windows XP default MBR code
22:46:48.031 Disk 0 scanning sectors +156232125
22:46:48.093 Disk 0 scanning C:\WINDOWS\system32\drivers
22:47:12.046 Service scanning
22:47:16.531 Disk 0 trace - called modules:
22:47:16.531 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ad291ed]<<
22:47:16.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad7aab8]
22:47:16.531 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad75b00]
22:47:16.546 \Driver\atapi[0x8adcf9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8ad291ed
22:47:16.546 Scan finished successfully
22:47:31.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bartholow\Desktop\MBR.dat"
22:47:31.125 The log file has been saved successfully to "C:\Documents and Settings\Bartholow\Desktop\aswMBR.txt"

Since I found the XP setup disk, I never did try the TDSS Killer or the fix option within aswMBR.

Re: Windows XP Restore
OK, so now I'm angry and I want to know what is going on.

Please download MBRCheck by a_d_13 from either of the following mirrors and save it to C:\


Also copy aswMBR.exe to C:\

We are going to use a boot CD to help us find out stuff.

  • You will need a blank CD to burn the boot CD
  • Download OTLPEStd.exe by OldTimer from here (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out this page
  • Booting will take quite some time, so please be patient


So now you will be in a Windows environment, booted from CD. A very useful tool; keep it around. :-)

Use Explorer to browse to your system disk and run MBRCheck. I'm interested in what it finds. I suspect Black Internet/Whistler, but I'm utterly flabbergasted that it survives an offline fixmbr.

If it finds your MBR to be bad, run aswMBR and fix.
After that rerun mbrcheck - see if problems are solved.

Report your findings back here please.

Re: Windows XP Restore
I retyped what it said on MBRCheck below:

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDriv0 at offset 0x00000000'02738a00
74GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
Press Enter to Exit

I can't fully run aswMBR from the boot CD "Windows" environment. It disables the Scan and Fix options. It leaves the FixMBR option, but there is no way to run the scan in the first place. Below is what it says when the program itself loads:

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 22:29:38
-----------------------------
22:29:38.109 OS Version: Windows 5.1.2600
22:29:38.109 Number of processors: 1 586 0x209
22:29:38.109 ComputerName: REATOGO UserName: SYSTEM
22:29:38.531 Initialze error 0
22:31:37.687 The log file has been saved successfully to "D:\aswMBRlogtonight.txt"

Re: Windows XP Restore
OK - your MBR is clean.

I'm wondering where those aswMBR red lines come from. I'll get back later this weekend.

Let me know if you see any problems. Maybe we're chasing ghosts and your computer is clean.

Re: Windows XP Restore
Well, the other night we did get the Scour redirect. I haven't used the web browser since then (posting this from a different computer now). When the computer was on yesterday and a couple of days ago, after 20 minutes it starts playing random sound clips when absolutely no windows are open (like a movie podcast and random commercials).

Re: Windows XP Restore
The people here seem to be relating a similar problem to the one I am having, in case I am not describing it clearly.

http://forums.cnet.com/7723-6122_102-273610.html

Re: Windows XP Restore
Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

Re: Windows XP Restore
ComboFix 11-06-17.04 - Bartholow 06/19/2011 17:53:36.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1655 [GMT -4:00]
Running from: c:\documents and settings\Bartholow\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bartholow\Templates\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
c:\documents and settings\Bartholow\WINDOWS
c:\windows\system32\O.BAT
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-17 13:11 . 2011-06-17 12:38 98078016 ----a-w- C:\OTLPEStd.exe
2011-06-17 13:11 . 2011-06-17 12:27 80384 ----a-w- C:\MBRCheck.exe
2011-06-13 02:41 . 2011-06-13 02:41 581120 ----a-w- C:\aswMBR.exe
2011-06-13 02:02 . 2011-06-13 02:03 -------- d-----w- C:\commy
2011-06-12 21:11 . 2002-08-29 11:00 4224 ----a-w- c:\windows\system32\beep.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2010-05-06 00:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 00:01 . 2010-07-02 00:01 141 ----a-w- c:\program files\drv_30282781.bat
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\BEEP.SYS
[7] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\beep.sys
[7] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DLLCACHE\beep.sys
.
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-11-03 151597]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"mswspl"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-01 53248]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Motive SmartBridge"="c:\progra~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe" [2010-10-19 483415]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-06-24 53248]
.
c:\documents and settings\Bartholow\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-3-9 344064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2003-11-3 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-11-3 24576]
EMBARQ Help.lnk - c:\program files\Virtual Assistant\bin\matcli.exe [2009-10-9 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/9/2010 3:51 PM 89368]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/25/2011 4:04 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [4/25/2011 4:03 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/9/2010 3:51 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/9/2010 3:51 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/9/2010 3:51 PM 83688]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/5/2010 8:50 PM 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/9/2010 3:51 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/9/2010 3:51 PM 85984]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149151807-4052898740-1945230209-1008Core.job
- c:\documents and settings\Bartholow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 15:25]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149151807-4052898740-1945230209-1008UA.job
- c:\documents and settings\Bartholow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myembarq.com
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *'*U%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a5,ea,e9,7f,00,9d,0d,a9,d4,1f,69,a6,f4,f1,04,ae,12,74,5a,4d,8f,e5,24,
c5,b8,f0,b2,fa,31,a2,5e,b3,d2,41,f8,ea,25,14,0a,04,4b,8d,ed,65,e8,a3,28,3c,\
"??"=hex:b5,60,ab,13,74,34,3d,76,40,37,43,7c,29,c5,f8,80
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
"PK3IM51V2WPW5YOPIRJ365XEIG1"=hex:01,00,01,00,00,00,00,00,c3,a2,73,89,0b,39,ad,
69,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,1f,f1,4a,
51,1c,86,65,14,87,4c,de,40,12,89,ab,80,31,7e,9a,ab,57,11,78,f9,46,20,33,3d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-06-19 18:29:05
ComboFix-quarantined-files.txt 2011-06-19 22:28
.
Pre-Run: 3,727,970,304 bytes free
Post-Run: 4,824,670,208 bytes free
.
- - End Of File - - FEFDFCCCBD049B13FF762A268179F67D

Re: Windows XP Restore
My mouth is open now. Combofix found a rootkit that GMER did not. Can't Believe It

Anyway - I'd say that redirects are gone now. Could you please confirm that?

====================

  • Please create a new text file in Notepad with the following contents:

    Code:

    KILLALL::
    FCopy::
    c:\windows\ERDNT\cache\BEEP.SYS | c:\windows\System32\drivers\beep.sys


    Reglock::
    [HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *'*U%\OpenWithList]
    [HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%]
    [HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%\OpenWithList]
    [HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*]
    [HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*\OpenWithList]


  • Save that file as CFScript.txt on your desktop
  • Drag and drop the CFScript.txt onto the ComboFix icon, as shown in the animation below.
    (animation: CFScript.txt being dragged onto the ComboFix icon)
  • If done correctly, ComboFix will start and perform specific instructions
  • In doing so, ComboFix may request a reboot
  • Please post the contents of Combofix.txt in your next reply
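
The Reglock:: list above was assembled by hand from the LOCKED REGISTRY KEYS section of the ComboFix log. As an added example (not part of the original thread and not ComboFix's own logic), this Python script extracts that section, flags FileExts subkeys whose name is not a plausible file extension, and emits the matching CFScript; the extension heuristic and the benign `.txt` control key in the sample are assumptions constructed here.

```python
import re

# Constructed sample: the LOCKED REGISTRY KEYS section quoted in this thread,
# plus one ordinary ".txt" key (not in the original log) as a benign control.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *'*U%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,60,ab,13,74,34,3d,76,40,37,43,7c,29,c5,f8,80
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
"""

SECTION_HEADER = re.compile(r"^-{3,}\s*LOCKED REGISTRY KEYS\s*-{3,}\s*$")
ANY_HEADER = re.compile(r"^-{3,}\s*\S.*-{3,}\s*$")
KEY_LINE = re.compile(r"^\[(.+)\]\s*$")
# A FileExts subkey is normally a dotted extension such as ".txt" or ".docx";
# spaces, '*', '%', quotes or non-ASCII letters in that position are implausible.
EXT_IN_PATH = re.compile(r"\\FileExts\\([^\\]+)")
LEGIT_EXT = re.compile(r"\.[A-Za-z0-9_~\-]+$")


def locked_keys(log_text):
    """Return the registry key paths listed in the LOCKED REGISTRY KEYS section."""
    keys, inside = [], False
    for line in log_text.splitlines():
        if SECTION_HEADER.match(line):
            inside = True
            continue
        if inside and ANY_HEADER.match(line):
            break  # next section (e.g. "DLLs Loaded Under Running Processes")
        m = KEY_LINE.match(line)
        if inside and m:
            keys.append(m.group(1))
    return keys


def suspicious_fileexts(keys):
    """Keep FileExts keys whose extension component fails the plausibility check."""
    flagged = []
    for key in keys:
        m = EXT_IN_PATH.search(key)
        if m and not LEGIT_EXT.match(m.group(1)):
            flagged.append(key)
    return flagged


def build_reglock_script(keys, fcopy=None):
    """Assemble a CFScript: KILLALL::, optional FCopy:: pair, then Reglock:: keys."""
    lines = ["KILLALL::"]
    if fcopy:
        lines += ["FCopy::", "%s | %s" % fcopy, ""]
    lines += ["Reglock::"] + ["[%s]" % k for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_fileexts(locked_keys(SAMPLE_LOG))
    print(build_reglock_script(flagged, (r"c:\windows\ERDNT\cache\BEEP.SYS",
                                         r"c:\windows\System32\drivers\beep.sys")))
```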

Re: Windows XP Restore
We have not had problems with the redirects since running this last scan.

ComboFix 11-06-19.0r1 - Bartholow 06/20/2011 21:18:25.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1474 [GMT -4:00]
Running from: c:\documents and settings\Bartholow\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bartholow\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache\BEEP.SYS --> c:\windows\System32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 01:18 . 2002-08-29 11:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2011-06-21 01:18 . 2002-08-29 11:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2011-06-17 13:11 . 2011-06-17 12:38 98078016 ----a-w- C:\OTLPEStd.exe
2011-06-17 13:11 . 2011-06-17 12:27 80384 ----a-w- C:\MBRCheck.exe
2011-06-13 02:41 . 2011-06-13 02:41 581120 ----a-w- C:\aswMBR.exe
2011-06-13 02:02 . 2011-06-13 02:03 -------- d-----w- C:\commy
2011-06-12 21:11 . 2002-08-29 11:00 4224 ----a-w- c:\windows\system32\beep.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2010-05-06 00:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 00:01 . 2010-07-02 00:01 141 ----a-w- c:\program files\drv_30282781.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-11-03 151597]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"mswspl"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-01 53248]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Motive SmartBridge"="c:\progra~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe" [2010-10-19 483415]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-06-24 53248]
.
c:\documents and settings\Bartholow\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-3-9 344064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2003-11-3 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-11-3 24576]
EMBARQ Help.lnk - c:\program files\Virtual Assistant\bin\matcli.exe [2009-10-9 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/9/2010 3:51 PM 89368]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/25/2011 4:04 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [4/25/2011 4:03 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/9/2010 3:51 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/9/2010 3:51 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/9/2010 3:51 PM 83688]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/5/2010 8:50 PM 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/9/2010 3:51 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/9/2010 3:51 PM 85984]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/10/2011 12:12 PM 214904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149151807-4052898740-1945230209-1008Core.job
- c:\documents and settings\Bartholow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 15:25]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149151807-4052898740-1945230209-1008UA.job
- c:\documents and settings\Bartholow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myembarq.com
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *'*U%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l*h%*%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #ñ*ö*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-149151807-4052898740-1945230209-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a5,ea,e9,7f,00,9d,0d,a9,d4,1f,69,a6,f4,f1,04,ae,12,74,5a,4d,8f,e5,24,
c5,b8,f0,b2,fa,31,a2,5e,b3,d2,41,f8,ea,25,14,0a,04,4b,8d,ed,65,e8,a3,28,3c,\
"??"=hex:b5,60,ab,13,74,34,3d,76,40,37,43,7c,29,c5,f8,80
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
"PK3IM51V2WPW5YOPIRJ365XEIG1"=hex:01,00,01,00,00,00,00,00,c3,a2,73,89,0b,39,ad,
69,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,1f,f1,4a,
51,1c,86,65,14,87,4c,de,40,12,89,ab,80,31,7e,9a,ab,57,11,78,f9,46,20,33,3d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WININET.dll
c:\progra~1\VIRTUA~2\SMARTB~1\SBHook.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PnkBstrA.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Virtual Assistant\bin\mpbtn.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-06-20 21:57:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-21 01:57
ComboFix2.txt 2011-06-19 22:29
.
Pre-Run: 4,561,227,776 bytes free
Post-Run: 4,517,220,352 bytes free
.
- - End Of File - - 355284E219E19F826A5879D075EE7DBF

Re: Windows XP Restore
Excellent. As far as I can see, your computer is CLEAN.


====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have an old version of Adobe Reader installed. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10.0. The latest and safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.

====================

I see you have Viewpoint installed. I recommend you uninstall it. It is foistware, software that is installed without your consent. It comes with AOL and is pretty much useless.

====================

Time to uninstall used tools.
  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?





Re: Windows XP Restore
Please send us your list of recommendations. Thank you for all of your help in this process! It has been greatly appreciated.

Re: Windows XP Restore
You are welcome! It was an interesting case at the end, with GMER failing to show the true nature of the infection.

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race; it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Avira. 100 million users can't be wrong. If you want high detection rates, this is your best free bet.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad; it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and other vital data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!
