Questionable Corrupted Registry



#1 docret96 (Member, 15 posts)
My computer has over the past number of weeks seemed to be progressively running and booting slower. I have McAfee Security Service which is set and does a full scan of my computer every day. Report shows nothing wrong. I also have Malwarebytes' Anti-Malware which is set up as a manual supplement to McAfee. I have run it on a regular basis, checking for updates each time, and the report always reads no problem. I have searched the internet to try and find an answer and found lots of answers. Registry Cleaners, Optimizers, etc., the list is endless. The bad thing is I know enough that I could easily get myself into trouble. I do have to admit I tried; I became intrigued by a program called PC Health Advisor by ParetoLogic. The free scan reported numerous problems with the registry(s). I know that some of these companies will give a false report to get you to buy their product. I didn't buy, and once I read what it had to say I uninstalled it. I have run OTL and tried to make heads or tails of the report. Understand some. I don't want to call McAfee. Last time I made that mistake I was on the phone literally for 5 hrs and 45 mins. Is there a way to determine if a registry is corrupted? A legitimate software that is available. I would appreciate any and all assistance. My operating system is Windows XP Pro. I also have on my computer several programs that were left when I dealt with McAfee (Avenger, Killbox, IceSword XP, Gmer New.exe). Again thank you for your time and any assistance you may give.

#2 RKinner (Malware Expert, MVP, 24,625 posts)
Registry cleaners are the internet version of snake oil.

Run OTL. It was just recently updated so best to delete your old one and download a new version from

http://oldtimer.geekstogo.com/OTL.exe or www.itxassociates.com/OT-Tools/OTL.exe

Select either the Use SafeList or All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Also

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
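Added example, not part of Ron's post and not MBRCheck's own code: what a check of the Master Boot Record actually looks at. The first sector of the disk is 512 bytes: 440 bytes of bootstrap code (the part a bootkit rewrites), a 4-byte disk signature, four 16-byte partition entries, and the 0x55AA boot signature. The block below parses that layout, hashes the bootstrap code and compares it against a known-good set, and sanity-checks the partition table (exactly one active partition, no overlapping extents). Every image it runs on is constructed inside the block; the "known-good" hash is the hash of that constructed image, not of real Windows boot code, and the byte values used as boot code are stand-ins.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: bootstrap code; 440..443: disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions, disk_sig=b"\x11\x22\x33\x44"):
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba, count) tuples.
    Only used to construct the sample images below."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[BOOT_CODE_END:BOOT_CODE_END + 4] = disk_sig
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields left zero: the LBA fields are what matters on any disk this size.
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:   # type 0 = empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def assess_mbr(mbr, known_good_hashes):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code hash not in known-good set")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    prev_end = 0
    for p in sorted(info["partitions"], key=lambda p: p["lba_start"]):
        if p["lba_start"] < prev_end:
            findings.append("partition %d overlaps the one before it" % p["index"])
        prev_end = p["lba_start"] + p["sectors"]
    return findings


# Constructed sample images. The boot code is a stand-in, not real Windows code,
# and the known-good set is just the hash of that stand-in.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 156_000_000)])
KNOWN_GOOD = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_END]).hexdigest()}

_patched = bytearray(CLEAN_MBR)
_patched[0:3] = b"\xE9\x00\x01"     # first instruction replaced by a jump, as a bootkit does
HOOKED_MBR = bytes(_patched)
NO_SIG_MBR = CLEAN_MBR[:BOOT_SIG_OFF] + b"\x00\x00"
TWO_ACTIVE_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 1000), (0x80, 0x07, 2000, 1000)])

if __name__ == "__main__":
    for label, image in [("clean", CLEAN_MBR), ("hooked", HOOKED_MBR),
                         ("no signature", NO_SIG_MBR), ("two active", TWO_ACTIVE_MBR)]:
        print(label, assess_mbr(image, KNOWN_GOOD) or ["ok"])
```

On a live machine you would read the first 512 bytes of \\.\PhysicalDrive0 (administrator rights required) and hand them to assess_mbr with a set of hashes of the OS vendor's boot code. A hash comparison only catches boot code that was rewritten in place; a bootkit that keeps its payload in unallocated sectors past the last partition needs a separate look at the space the partition table does not account for.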

#3 docret96 (Topic Starter, Member, 15 posts)
RKinner
If I crossed my fingers and toes correctly I have the items that you wish to look at. Again thank you for your time and assistance.

Attached Files

#4 RKinner (Malware Expert, MVP, 24,625 posts)
In the future please open the logs then copy and paste them to a reply. They are too hard to work with when you attach them.

You have definitely got an infection, though it appears to be rather old and it may not be active at the moment, but McAfee should have picked up these files. Just for fun go to http://virustotal.com and submit the file
C:\WINDOWS\ugazegixoretubed.dll
and see what they say about it. (Copy and paste the resulting report)

You have the whole Internet set as Trusted so it's amazing you are not completely overrun.


Uninstall:
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_06

These are all obsolete versions of Java and are vulnerable to exploitation. Besides, each one you remove will give you back 100 megs of disk space.

Copy the text in the code box by highlighting and Ctrl + c


:Services

:OTL
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2010/05/19 14:24:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\A0388F
[2010/04/16 10:58:40 | 000,012,074 | -HS- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\4240601342
[2010/04/16 10:57:17 | 000,012,082 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4240601342
[2010/04/16 10:57:17 | 000,012,082 | -HS- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\2597009029
[2010/04/16 10:54:05 | 000,012,272 | -HS- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\U860
[2010/04/16 10:54:05 | 000,012,272 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2597009029
[2010/04/16 10:40:29 | 000,012,090 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\U860
[2010/04/16 10:40:29 | 000,012,090 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\U860
[2010/04/08 17:34:15 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\epxiaico.sys
[2010/03/31 13:44:25 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\npgdapbn.sys
[2010/02/01 07:57:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ucihemof.dll
[2010/02/01 05:55:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\eqayibew.dll
[2010/02/01 03:53:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\anelaguz.dll
[2010/02/01 01:51:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\anivigam.dll
[2010/01/31 23:49:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\oyerayeher.dll
[2010/01/31 21:47:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\onudegemidar.dll
[2010/01/31 19:45:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\izomimes.dll
[2010/01/31 17:43:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\apilemunajazeti.dll
[2010/01/31 15:41:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\igafeboco.dll
[2010/01/31 13:39:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ucogotan.dll
[2010/01/31 11:37:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\aqiyenaxixib.dll
[2010/01/31 09:35:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ipimasokup.dll
[2010/01/31 07:33:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ugazegixoretubed.dll
[2010/01/31 05:32:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\epuneter.dll
[2010/01/31 03:29:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\abicitaludejemi.dll
[2010/01/31 01:27:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\unoqibuz.dll
[2010/01/30 23:25:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\epojemilape.dll
[2010/01/30 21:23:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\epasumiwumezi.dll
[2010/01/30 19:21:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\eyiqiyon.dll
[2010/01/30 17:19:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\iqofenoyivoq.dll
[2010/01/30 15:17:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\igeqanej.dll
[2010/01/30 13:15:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\afojiseciyopubop.dll
[2010/01/30 11:13:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ujizibaha.dll
[2010/01/30 09:11:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\adiqoboxebodamu.dll
[2010/01/30 07:09:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\axuxitok.dll
[2010/01/30 05:07:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\uritijokilo.dll
[2010/01/30 03:05:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\edewuyazamil.dll
[2010/01/30 01:03:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ozasogolog.dll
[2010/01/29 23:01:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\isofusiz.dll
[2010/01/29 20:59:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ugovigul.dll
[2010/01/29 18:57:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\odeyohuy.dll
[2010/01/29 16:55:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\iwitamaga.dll
[2010/01/29 14:53:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\edogobeyeyo.dll
[2010/01/29 12:51:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\itufawin.dll
[2010/01/29 10:49:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ofenoguqutoqih.dll
[2010/01/29 08:47:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\equhoyopogic.dll
[2010/01/29 06:46:20 | 000,000,082 | ---- | C] () -- C:\WINDOWS\oyetoyef.dll
[2010/01/29 04:43:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\isodaqoxoqir.dll
[2010/01/29 02:41:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\izopamepozadu.dll
[2010/01/29 00:39:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ayecemuv.dll
[2010/01/28 22:37:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ajecoqafaripec.dll
[2010/01/28 20:35:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\osunamevede.dll
[2010/01/28 18:33:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\okozuyufomorabul.dll
[2010/01/28 16:31:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ehedayiyukejub.dll
[2010/01/28 14:29:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ozujegig.dll
[2010/01/28 12:27:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ayopasuy.dll
[2010/01/28 10:25:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\uhefatahixo.dll
[2010/01/28 08:23:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\acuvebuq.dll
[2010/01/28 06:21:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\oyiwotehokofata.dll
[2010/01/28 04:19:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\evujimijigoki.dll
[2010/01/28 02:17:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ezobozera.dll
[2010/01/28 00:15:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\asesulej.dll
[2010/01/27 22:13:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\owogopep.dll
[2010/01/27 20:11:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ulisaqom.dll
[2010/01/27 18:09:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\uwifopaw.dll
:Files
C:\Documents and Settings\Ant.D8R3KTF1\Local Settings\temp\iundyhpdm
     
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log x 2
MBAM log
Combofix log

Ron
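Added example, not part of Ron's post and not OTL's code: the fix script above lists 55 DLLs of exactly 82 bytes in C:\WINDOWS, created one every 2 hours and 2 minutes with machine-generated names, two 60,416-byte drivers with no company name and random 8-letter names, and hidden+system files with purely numeric names under Application Data. That clockwork cadence is the fingerprint of a dropper running on a timer, and it is exactly what a scanner keyed on known-bad hashes can miss when the files themselves are inert. The Python below parses OTL's "Files/Folders Created" line format and flags those three patterns. The log lines embedded in it are a constructed subset of the entries from the script above plus one made-up driver with a company name as a benign control; the thresholds (3 files per group, 120 s of jitter, names of 8 or more lowercase letters) are my own choices, not anything OTL defines.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: a subset of the "Files/Folders Created" lines from the OTL
# fix script above, plus one made-up driver with a company name as a benign control.
SAMPLE_LOG = r"""
[2010/04/16 10:58:40 | 000,012,074 | -HS- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\4240601342
[2010/04/16 10:57:17 | 000,012,082 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4240601342
[2010/04/08 17:34:15 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\epxiaico.sys
[2010/03/31 13:44:25 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\npgdapbn.sys
[2010/02/01 07:57:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ucihemof.dll
[2010/02/01 05:55:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\eqayibew.dll
[2010/02/01 03:53:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\anelaguz.dll
[2010/02/01 01:51:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\anivigam.dll
[2010/01/31 23:49:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\oyerayeher.dll
[2010/01/31 21:47:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\onudegemidar.dll
[2010/02/01 09:00:00 | 000,045,568 | ---- | C] (Constructed Vendor Ltd) -- C:\WINDOWS\System32\drivers\vendorsample.sys
"""

# [date time | size | attrs | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Eight or more lowercase letters and nothing else: the shape of a generated
# name, not a vendor's. The threshold is an assumption for this demo.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,}\.(dll|sys|exe)$")


def parse_otl_lines(text):
    """Turn OTL file-listing lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        directory, _, name = m["path"].rpartition("\\")
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],       # OTL's four flag positions; H = hidden, S = system
            "company": m["company"],   # empty when the file carries no version info
            "dir": directory.lower(),
            "name": name,
        })
    return entries


def find_dropper_series(entries, min_members=3, max_jitter_s=120):
    """Group files by (directory, size, extension) and keep groups whose creation
    times are spaced at a near-constant interval. A scheduled dropper leaves that
    cadence; installers and humans do not."""
    groups = defaultdict(list)
    for e in entries:
        ext = e["name"].rpartition(".")[2].lower() if "." in e["name"] else ""
        groups[(e["dir"], e["size"], ext)].append(e)
    findings = []
    for (directory, size, _ext), members in groups.items():
        if len(members) < min_members:
            continue
        times = sorted(e["time"] for e in members)
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if min(deltas) <= 0 or pstdev(deltas) > max_jitter_s:
            continue
        findings.append({
            "dir": directory, "size": size, "count": len(members),
            "interval_s": mean(deltas),
            "random_names": all(RANDOM_NAME_RE.match(e["name"].lower()) for e in members),
            "names": sorted(e["name"] for e in members),
        })
    return findings


def find_unsigned_random_drivers(entries):
    """Kernel drivers with no company name and a generated-looking file name."""
    return [e for e in entries
            if e["dir"].endswith("\\system32\\drivers")
            and e["name"].lower().endswith(".sys")
            and not e["company"]
            and RANDOM_NAME_RE.match(e["name"].lower())]


def find_hidden_numeric_blobs(entries):
    """Hidden+system files whose name is just a number, dropped under a profile."""
    return [e for e in entries
            if "H" in e["attrs"] and "S" in e["attrs"] and e["name"].isdigit()]


def triage(text):
    entries = parse_otl_lines(text)
    return {"series": find_dropper_series(entries),
            "drivers": find_unsigned_random_drivers(entries),
            "blobs": find_hidden_numeric_blobs(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for s in result["series"]:
        print("%d files of %d bytes in %s, one every %.0f s, random names: %s"
              % (s["count"], s["size"], s["dir"], s["interval_s"], s["random_names"]))
    for e in result["drivers"]:
        print("driver with no company name and generated name:", e["name"])
    for e in result["blobs"]:
        print("hidden numeric blob:", e["dir"] + "\\" + e["name"])
```

Feed it a whole OTL.txt and the cadence rule does the heavy lifting: it does not care what the files are called or contain, only that something wrote same-sized files to the same directory on a fixed schedule. The name and attribute rules are weaker on their own (plenty of legitimate drivers have terse names) and are meant to be read together with the rest of the log, not as verdicts.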

#5 docret96 (Topic Starter, Member, 15 posts)
1st, sorry about the attachment thing; I should have remembered from before. I sent the file C:\WINDOWS\ugazegiooretubed.dll to virustotal.com but I had to send it via their email. Unable to access and send from the web site. Crossing my fingers and toes, here are the logs from the scans. You made the comment that I have the whole Internet set as Trusted. I guess you're referring to all the programs that request access to the Internet. That being the case, is there a good rule of thumb as to which programs to allow access and which ones I should not? Thank you for your time and assistance.


1. OTL logs

OTL Extras logfile created on: 2/23/2011 3:53:27 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 321.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 51.36 Gb Free Space | 68.98% Space Free | Partition Type: NTFS

Computer Name: GERALD-9VY47B6P | User Name: gerald murphy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{18CC6334-7ED1-44e8-AA25-A0B1B5E56B8E}" = L7700
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{29D3773E-54F4-23C2-D523-236A4453B845}_is1" = FileAlyzer 2
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{62C3715A-BEFF-4189-A748-07025610DFCE}" = SMS 2003 Toolkit 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"ATT Pop-Up Catcher" = AT&T Pop-Up Catcher
"ATT-PRT22" = ATT-PRT22
"ATTToolbar" = AT&T Toolbar
"BellSouth® FastAccess® DSL Westell WireSpeed Update_is1" = Westell Firmware Upgrade
"BroadJump Client Foundation" = BroadJump Client Foundation
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"hp instant support" = hp instant support
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Photo Printing Software" = HP Photo Printing Software
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iISystem Wiper_is1" = iISystem Wiper 2.4.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSNMS" = MSN Internet Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Rhapsody" = Rhapsody
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2010 9:27:33 PM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2010 9:27:34 PM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2010 7:19:29 PM | Computer Name = GERALD-9VY47B6P | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 12/30/2010 10:26:45 PM | Computer Name = GERALD-9VY47B6P | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0004482a.

Error - 12/30/2010 10:28:16 PM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2010 10:28:47 PM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/31/2010 3:32:23 PM | Computer Name = GERALD-9VY47B6P | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 12/31/2010 3:50:08 PM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2010 3:50:43 PM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/1/2011 11:59:10 AM | Computer Name = GERALD-9VY47B6P | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/22/2010 12:00:56 PM | Computer Name = GERALD-9VY47B6P | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/22/2010 12:00:56 PM | Computer Name = GERALD-9VY47B6P | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/22/2010 12:00:56 PM | Computer Name = GERALD-9VY47B6P | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 12/22/2010 12:00:56 PM | Computer Name = GERALD-9VY47B6P | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/22/2010 12:00:56 PM | Computer Name = GERALD-9VY47B6P | Source = Service Control Manager | ID = 7034
Description = The User Profile Hive Cleanup service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/22/2010 12:04:44 PM | Computer Name = GERALD-9VY47B6P | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.64,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 12/26/2010 11:34:03 AM | Computer Name = GERALD-9VY47B6P | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.64,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 12/30/2010 10:37:16 PM | Computer Name = GERALD-9VY47B6P | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.64,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/5/2011 2:12:01 PM | Computer Name = GERALD-9VY47B6P | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.64,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/5/2011 2:36:24 PM | Computer Name = GERALD-9VY47B6P | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.64,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >


OTL logfile created on: 2/23/2011 3:53:27 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 321.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 51.36 Gb Free Space | 68.98% Space Free | Partition Type: NTFS

Computer Name: GERALD-9VY47B6P | User Name: gerald murphy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/22 22:18:56 | 004,177,272 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools\procexp.exe
PRC - [2011/02/22 22:18:21 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools\OTL.exe
PRC - [2011/01/17 16:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/01/17 16:15:32 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/05/03 22:45:01 | 000,111,952 | ---- | M] (AT&T Corporation) -- C:\Program Files\ATT Internet Tools\blsloader.exe
PRC - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/10/11 04:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 19:40:54 | 000,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/08/28 21:11:59 | 000,258,048 | ---- | M] (iISoftware) -- C:\Program Files\iISystem Wiper\SystemWiper.exe
PRC - [2002/04/30 02:00:00 | 000,167,424 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [2001/12/26 02:00:00 | 000,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/02/22 22:18:21 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/19 13:20:36 | 000,013,632 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2009/10/22 01:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 01:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/07/27 18:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2005/01/08 15:09:10 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/02 22:35:08 | 000,043,392 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/04/02 22:32:20 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/10/02 17:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 17:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 17:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 17:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 17:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/09/27 18:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/30 11:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_v124.sys -- (V124)
DRV - [2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_tone.sys -- (Tones)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_msft.sys -- (hsf_msft)
DRV - [2001/08/17 13:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_spkp.sys -- (SpeakerPhone)
DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_samp.sys -- (Rksample)
DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_k56k.sys -- (K56)
DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_fall.sys -- (Fallback)
DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_faxx.sys -- (SoftFax)
DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_fsks.sys -- (Fsks)
DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_bsc2.sys -- (basic2)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = InfoSpace
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://ypng.infospac...y*&qs=&x=36&y=5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/12 03:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/20 00:43:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/26 10:31:49 | 000,000,000 | ---D | M]

[2010/11/03 13:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Extensions
[2011/02/23 13:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\fxo2ky67.default\extensions
[2010/12/06 12:47:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\fxo2ky67.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/03 13:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/20 07:54:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/12 03:52:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/20 18:30:53 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/05/19 10:31:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103162139.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [blspcloader] C:\Program Files\ATT Internet Tools\blsloader.exe (AT&T Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe (iISoftware)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsou...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} http://download.mcaf...ed/MGBrwFld.cab (BrowseFolderPopup Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.co...76/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1272936391718 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://amiuptodate.m...pdatePortal.cab (McUpdatePortalFactory Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098735743562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133118825937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,16/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/26 21:27:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 15:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/23 15:38:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/15 21:15:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/02/15 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Microsoft Corporation
[2011/02/10 01:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gerald murphy\Desktop\DHS Basketball
[2003/03/26 21:41:14 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/02/23 15:41:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 15:41:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/23 15:41:26 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/02/23 15:41:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 15:41:04 | 535,871,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/23 14:00:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Word 2007.lnk
[2011/02/23 10:04:40 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Outlook 2007.lnk
[2011/02/20 20:25:31 | 000,149,053 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\iw9 Instructions.pdf
[2011/02/20 20:24:59 | 000,106,097 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\fw9 Request for Taxpayer SSN.pdf
[2011/02/20 20:13:07 | 001,003,792 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\p3079 Tax Exempt Organizations and gaming.pdf
[2011/02/20 20:07:00 | 000,224,197 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\f5754 statement of person receiving gambling winnings.pdf
[2011/02/20 19:59:03 | 000,274,322 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\General instructions i1099gi.pdf
[2011/02/20 19:48:58 | 000,131,837 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\iw2g 2011 instructions.pdf
[2011/02/20 19:45:41 | 000,246,674 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\fw2g 2010.pdf
[2011/02/20 19:43:17 | 000,087,421 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\fw2g 2011.pdf
[2011/02/19 00:30:10 | 000,955,894 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\No Gum or Tabacco 1.docx
[2011/02/19 00:23:48 | 000,946,172 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\No Food or Drink 1.docx
[2011/02/17 19:08:53 | 000,037,696 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\No Gum or Tobacco.docx
[2011/02/17 19:01:18 | 000,028,096 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\No Outside Food or Drink.docx
[2011/02/17 18:53:28 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Publisher 2007.lnk
[2011/02/17 18:52:48 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\WordPerfect 10.lnk
[2011/02/17 18:42:56 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA ADMISSION PRICES.doc 2011.doc
[2011/02/17 18:28:55 | 000,868,352 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA TEAM ROOM ASSIGNMENTS 2011.doc
[2011/02/16 01:32:19 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\Student List 2-15-2011 Duplicates .xls
[2011/02/16 01:30:46 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\Student List 2-15-2011.xls
[2011/02/16 00:15:44 | 000,512,983 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Enter Here.docx
[2011/02/16 00:03:27 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\EXIT ONLY.doc
[2011/02/15 23:56:48 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\ENTER.doc L.doc
[2011/02/15 23:55:58 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\ENTER.doc R.doc
[2011/02/15 23:42:25 | 000,523,264 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\Hospitality Room 3.doc
[2011/02/15 22:47:31 | 000,524,800 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Rules.doc 2011.doc
[2011/02/10 03:25:29 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:07:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 02:46:57 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\SAUSAGES.doc
[2011/02/10 02:45:22 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\PAPA MURPH'S GALLEY.doc
[2011/02/10 02:42:14 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Application Data\mcs.rma
[2011/02/10 02:23:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA TEAM ROOM ASSIGNMENTS.doc
[2011/02/10 02:23:11 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\EXIT VIA.doc
[2011/02/10 02:16:30 | 000,523,264 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Restricted Acess.doc
[2011/02/10 02:01:00 | 000,011,183 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Rules 1.docx
[2011/02/10 01:38:14 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\Campus Store is Open.pub
[2011/02/08 08:58:24 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE.doc
[2011/02/08 08:55:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Sam Keehner.doc
[2011/02/08 08:55:35 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Robbie Odle.doc
[2011/02/08 08:54:49 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Jeremy Harlow.doc
[2011/02/08 08:54:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Jake Sliter.doc
[2011/02/08 08:54:04 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Doug Comstock.doc
[2011/02/08 08:45:59 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Derek Higdon.doc
[2011/02/08 08:45:05 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Corbin Maynard.doc

========== Files Created - No Company Name ==========

[2049/12/31 15:00:00 | 001,394,688 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Copy of faciltitiesformurph - alpha list.xls
[2049/12/31 15:00:00 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Directors Board 08-09.doc
[2049/12/31 15:00:00 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Basketball Equipment Checklist.doc
[2049/12/31 15:00:00 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Basketball Pre-Home Game Checklist.doc
[2049/12/31 15:00:00 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Basketball Injury Checklist.doc
[2049/12/31 15:00:00 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Basketball Post-Practice Checklist.doc
[2049/12/31 15:00:00 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Basketball Pre-Practice Checklist.doc
[2049/12/31 15:00:00 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Travel Checklist.doc
[2011/02/20 20:25:31 | 000,149,053 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\iw9 Instructions.pdf
[2011/02/20 20:24:59 | 000,106,097 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\fw9 Request for Taxpayer SSN.pdf
[2011/02/20 20:13:07 | 001,003,792 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\p3079 Tax Exempt Organizations and gaming.pdf
[2011/02/20 20:07:00 | 000,224,197 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\f5754 statement of person receiving gambling winnings.pdf
[2011/02/20 19:59:03 | 000,274,322 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\General instructions i1099gi.pdf
[2011/02/20 19:48:58 | 000,131,837 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\iw2g 2011 instructions.pdf
[2011/02/20 19:45:41 | 000,246,674 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\fw2g 2010.pdf
[2011/02/20 19:43:17 | 000,087,421 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\fw2g 2011.pdf
[2011/02/19 00:30:10 | 000,955,894 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\No Gum or Tabacco 1.docx
[2011/02/19 00:23:48 | 000,946,172 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\No Food or Drink 1.docx
[2011/02/17 19:08:53 | 000,037,696 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\No Gum or Tobacco.docx
[2011/02/17 19:01:18 | 000,028,096 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\No Outside Food or Drink.docx
[2011/02/17 18:14:06 | 000,868,352 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA TEAM ROOM ASSIGNMENTS 2011.doc
[2011/02/16 01:32:18 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Student List 2-15-2011 Duplicates .xls
[2011/02/16 01:30:45 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Student List 2-15-2011.xls
[2011/02/16 00:15:43 | 000,512,983 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Enter Here.docx
[2011/02/15 23:56:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\ENTER.doc L.doc
[2011/02/15 23:55:57 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\ENTER.doc R.doc
[2011/02/15 23:11:04 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA ADMISSION PRICES.doc 2011.doc
[2011/02/15 22:30:09 | 000,524,800 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Rules.doc 2011.doc
[2011/02/10 02:00:08 | 000,011,183 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\CSAA Rules 1.docx
[2011/02/10 01:38:14 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Campus Store is Open.pub
[2011/02/08 09:04:53 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Jeremy Harlow.doc
[2011/02/08 09:04:53 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Jake Sliter.doc
[2011/02/08 09:04:53 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Derek Higdon.doc
[2011/02/08 09:04:53 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Corbin Maynard.doc
[2011/02/08 09:04:53 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Sam Keehner.doc
[2011/02/08 09:04:53 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Robbie Odle.doc
[2011/02/08 09:04:53 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE - Doug Comstock.doc
[2011/02/08 09:04:53 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\BASKETBALL PLAYER PROFILE.doc
[2010/05/19 14:24:13 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\mcs.rma
[2009/12/11 11:20:05 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/19 22:41:22 | 000,037,299 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\Comma Separated Values (Windows).ADR
[2008/06/30 00:51:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/05 08:56:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/05/15 21:38:16 | 000,006,123 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/15 21:38:16 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/20 19:54:55 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/14 10:20:02 | 000,013,513 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/29 10:28:12 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\fusioncache.dat
[2005/10/07 10:40:41 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2005/10/07 10:40:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2005/10/07 10:33:39 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005/10/07 10:33:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/01/03 15:18:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/20 11:07:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/11/08 21:11:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/03/27 01:33:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2003/03/26 23:04:57 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\PFP100JPR.{PB
[2003/03/26 23:04:57 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\PFP100JCM.{PB
[2003/03/26 21:54:01 | 000,013,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\OMCI.sys
[2003/03/26 21:41:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/03/26 21:41:16 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/03/26 21:41:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/03/26 21:41:15 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/03/26 21:41:13 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/03/26 21:41:13 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/03/26 21:41:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/03/26 21:40:27 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/03/26 16:19:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


2. MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5856

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/23/2011 5:15:01 PM
mbam-log-2011-02-23 (17-15-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 232390
Time elapsed: 1 hour(s), 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


3. Combofix log
ComboFix 11-02-23.08 - gerald murphy 02/24/2011 10:21:31.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.230 [GMT -5:00]
Running from: c:\documents and settings\gerald murphy\Desktop\George.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gerald murphy\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-23 23:59 . 2011-02-23 23:59 -------- d-----w- c:\program files\Common Files\Java
2011-02-23 23:58 . 2011-02-03 02:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 23:58 . 2011-02-03 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-23 21:10 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:10 . 2011-02-23 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:10 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 20:38 . 2011-02-23 20:38 -------- d-----w- C:\_OTL
2011-02-16 02:15 . 2011-02-16 02:15 -------- d-----w- c:\windows\Performance
2011-02-16 02:15 . 2011-02-16 02:15 -------- d-----w- c:\documents and settings\gerald murphy\Local Settings\Application Data\Microsoft Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 00:19 . 2009-03-20 12:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2002-09-03 16:59 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-09-03 16:27 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2002-09-03 17:11 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-09-03 16:39 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2002-09-03 16:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2002-09-03 16:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2002-09-03 16:49 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2002-09-03 16:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2002-09-03 16:50 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 02:28 . 2010-11-03 20:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2002-09-03 17:07 94784 -csh--w- c:\windows\twain.dll
2010-09-18 06:53 974848 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2004-08-29 258048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" [2010-05-04 111952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-3 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 1a21

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/12/2010 10:52 AM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/16/2008 6:29 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/12/2010 10:52 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/12/2010 10:52 AM 271480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/12/2010 10:52 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/12/2010 10:52 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/12/2010 10:52 AM 88544]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/12/2010 10:52 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2010 10:52 AM 84264]
S4 SABKUTIL;SABKUTIL;\??\c:\documents and settings\gerald murphy\Desktop\Utilities\SABKUTIL.sys --> c:\documents and settings\gerald murphy\Desktop\Utilities\SABKUTIL.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - mfeavfk01
*Deregistered* - PROCEXP141
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 13:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://ypng.infospace.com/home.iemain/yellow-pages/redir.htm?fromform=qsearch&wqhqn=&qhqn={searchTerms}&qc=City*&qs=&x=36&y=5
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: download.microsoft.com
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: motive.com\patttbc.att
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
FF - ProfilePath - c:\documents and settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\fxo2ky67.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 10:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???"???????????????E?@?Disc Detector?A????? ?A?P?????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?`???????~?B~??????????@???????????????????B?????????????????????????????????r?B

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-73586283-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-24 10:39:54
ComboFix-quarantined-files.txt 2011-02-24 15:39
ComboFix2.txt 2010-05-19 15:47

Pre-Run: 55,653,601,280 bytes free
Post-Run: 55,630,385,152 bytes free

- - End Of File - - E83A0D5E93F0ECB7256CC53093D58C78
#6 docret96 (Member, Topic Starter, 15 posts)
Almost forgot: when I get the reply back from virustotal.com on the file C:\WINDOWS\ugazegixoretubed.dll, I'll forward it to you. Again, thanks for the help.

Jerry
#7 RKinner (Malware Expert, Expert, MVP, 24,625 posts)
  • MVP
You should only put sites in the Trusted Zone when you absolutely must. Having microsoft.com and mcafee.com is OK, though it may not be necessary. It depends on how strictly your Internet Zone is set up. If it's the default, then you probably don't need them, but if you run the security settings higher than default, then you might. I had OTL remove the internet from your Trusted Zone.

Combofix didn't find anything which is good. We can run a few more checks to be sure.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron
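The GMER steps above end with saving Results.log and posting it for a helper to read. As an added example, not code from this thread, from GMER or from Geeks to Go, here is a small Python triage script for the "User code sections" part of such a log. It parses each hook line, groups hooks by process, and separates three things a reader wants to see quickly: the APIs hooked identically in every process (the usual fingerprint of one security product that injects into everything), the APIs hooked in only one process (the first place to look when a log is suspect), and the JMP targets that GMER could map to a file on disk versus those it could not. The line format follows the GMER log posted later in this thread; the sample lines, the process names and the uxtheme.dll attribution are constructed for the demonstration, and the script assumes, as in the kernel lines of that log, that GMER prints the owning file after a JMP target it can resolve (a heuristic of this script, not a documented GMER guarantee).

```python
import re
from collections import defaultdict

# One GMER "User code sections" line, e.g.
#   .text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
# A patch GMER reports in two pieces appears as a second line with "+ <offset>"
# after the API name; that line is the tail of the same hook, not a new one.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"(?:\s+\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+(?P<patch>.*)$"
)
# Assumption: GMER appends the owning file after the JMP target when it can map
# that address to a module on disk; no trailing text means unattributed memory.
JMP_RE = re.compile(r"JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?$")

# Constructed sample modeled on the GMER format (addresses and processes are made up).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009D0000
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[1072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\explorer.exe[1900] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\explorer.exe[1900] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 5AD71234 C:\WINDOWS\system32\uxtheme.dll
"""


def parse_hooks(log_text):
    """Return one dict per '.text' line in the user-code section of a GMER log."""
    hooks = []
    for raw in log_text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines and kernel-section lines
        jmp = JMP_RE.search(m.group("patch"))
        hooks.append({
            "process": f'{m.group("image")}[{m.group("pid")}]',
            "api": f'{m.group("module")}!{m.group("func")}',
            "addr": int(m.group("addr"), 16),
            "nbytes": int(m.group("nbytes")),
            "target": int(jmp.group("target"), 16) if jmp else None,
            "owner": (jmp.group("owner") or "").strip() if jmp else "",
            "continuation": m.group("offset") is not None,
        })
    return hooks


def summarize(hooks):
    """Group hooks by process and separate the uniform pattern from the outliers."""
    per_process = defaultdict(set)
    for h in hooks:
        if h["target"] is None:  # tail of a split patch, already counted with its head
            continue
        per_process[h["process"]].add(h["api"])
    api_sets = list(per_process.values())
    common = set.intersection(*api_sets) if api_sets else set()
    hits = defaultdict(int)
    for apis in api_sets:
        for api in apis:
            hits[api] += 1
    jumps = [h for h in hooks if h["target"] is not None]
    return {
        "processes": {p: sorted(a) for p, a in per_process.items()},
        "common_apis": sorted(common),
        "outlier_apis": sorted(api for api, n in hits.items() if n == 1),
        "attributed": [(h["process"], h["api"], h["owner"]) for h in jumps if h["owner"]],
        "unattributed": sum(1 for h in jumps if not h["owner"]),
    }


def triage_report(log_text):
    """Human-readable summary: the lines a helper would scan first."""
    s = summarize(parse_hooks(log_text))
    out = [f"processes with user-mode hooks: {len(s['processes'])}"]
    for proc, apis in s["processes"].items():
        out.append(f"  {proc}: {len(apis)} hooked APIs")
    out.append(f"APIs hooked in every process (one product applied system-wide): {s['common_apis']}")
    out.append(f"APIs hooked in only one process (look at these first): {s['outlier_apis']}")
    out.append(f"JMP targets mapped to a file: {len(s['attributed'])}, unattributed: {s['unattributed']}")
    for proc, api, owner in s["attributed"]:
        out.append(f"  {proc} {api} -> {owner}")
    return "\n".join(out)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

Run it against a real Results.log by replacing SAMPLE_LOG with the file's contents. A long, identical API list in every process with unattributed targets is what a host-based security product looks like in GMER; a hook that appears in a single process, or a JMP into a file nobody recognises, is what deserves the follow-up question in the thread.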

#8 docret96 (Member, Topic Starter, 15 posts)
Sorry, out of town for a day. Getting ready to do the next step you have listed. I have not heard back yet from virustotal.com about the file c:\WINDOWS\ugazegixoretubed.dll.

Jerry
#9 docret96 (Member, Topic Starter, 15 posts)
Just to let you know that I am still working on the computer. I installed Gmer.exe and ran the program. After about 2-3 hours the program seemed to hang up on site ? C:\WINDOWS\System32\Drivers\upcleanhlp.sys. I rebooted the computer, made sure that I had disengaged the McAfee Antivirus and Firewall, then restarted the Gmer scan again. This time it seemed to hang up at site C:\WINDOWS\ATT Internet Tools\blsloader.exe[386] C:\WINDOWS\System32\wininet.dll. Again, after waiting just about 3 hours, I rebooted and started over. Third time's a charm. I am attributing it to "Operator Error." Right now the eset.com online scan is running on the computer. But even with that one, it stopped the scan at about 57% complete with the message "stopped by user". I had turned off the McAfee Antivirus before starting because I got a warning msg that it would interfere with the eset online scan. It's running now. When all is done I will post back to you. Right now I'm using my laptop from school. Again, just wanted to let you know that things are still moving forward. Thanks for your time and patience with me.

Jerry
#10 docret96 (Member, Topic Starter, 15 posts)
Finally, I think I got it right. Here are the logs.

Gmer log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-01 05:54:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75CAA0 rev.16.06V16
Running: j7zkstx1.exe; Driver: C:\DOCUME~1\GERALD~1\LOCALS~1\Temp\awldqfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xF2F3D6D0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF84030E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF84030F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8403120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF8403176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF84030CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF84030A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF84030B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF840310A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF840314C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8403136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF84031A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF840318C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF8403160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP F8403164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568F68 5 Bytes JMP F84030D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057376F 5 Bytes JMP F84030E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80574AA9 5 Bytes JMP F84030A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A81E 5 Bytes JMP F8403190 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC99 7 Bytes JMP F840317A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057BC5B 7 Bytes JMP F840313A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805839B9 5 Bytes JMP F84031A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8059323B 5 Bytes JMP F84030BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80595C1A 7 Bytes JMP F8403124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80597FFA 7 Bytes JMP F84030F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetSecurityObject 8059D2BD 5 Bytes JMP F8403150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064F526 7 Bytes JMP F840310E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7AD5340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009D0000
.text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\System32\svchost.exe[580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009D0011
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C007D
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0062
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0051
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0040
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0025
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F41
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F5C
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0F26
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00BF
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C0F15
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0F9E
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0F6D
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0014
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\System32\svchost.exe[580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00AE
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0FC0
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B005B
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0011
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0F94
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0000
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0055
.text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A003A
.text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0029
.text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FD4
.text C:\WINDOWS\System32\svchost.exe[580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0022
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0011
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA00B5
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA00A4
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA007D
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA006C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F83
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F94
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0101
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00F0
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA011C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0051
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0014
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0040
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0025
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930040
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930FAF
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930025
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930076
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930FCA
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930051
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092005F
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!system 77C293C7 5 Bytes JMP 0092004E
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FDE
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920033
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FDE
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0090001E
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00900FC3
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\services.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006B0000
.text C:\WINDOWS\system32\services.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006B0FCA
.text C:\WINDOWS\system32\services.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070075
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070064
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F52
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0007009A
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700EB
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700DA
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F37
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F6F
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FB6
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700BF
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F97
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA4
.text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB5
.text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FC6
.text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005001B
.text C:\WINDOWS\system32\services.exe[1060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1060] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0096
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF007B
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF006A
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0043
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0028
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00D8
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF00B1
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F6B
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0104
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0F5A
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0FA1
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F86
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FBC
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FCD
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00E9
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0014
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0F97
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE002F
.text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FB2
.text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD003D
.text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FD7
.text C:\WINDOWS\system32\lsass.exe[1072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\lsass.exe[1072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990040
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099001B
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00980F52
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00980F6D
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00980047
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00980036
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00980F9E
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00980084
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00980073
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009800A6
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00980095
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009800C1
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0098001B
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00980FDB
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00980062
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00980FAF
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00980FCA
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00980F21
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FB9
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0066005B
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0066004A
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0066002F
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660FA8
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FB7
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650FC8
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0065002E
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FE3
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1228] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AF0025
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A70054
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A70F5F
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A70F70
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A70039
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A70FA8
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A7006F
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A70F27
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A70EEA
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A70F05
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A70ECF
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A70F97
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A70F44
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A70FC3
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A70FD4
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A70F16
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A60FB9
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A6004A
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A60FCA
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A60F8D
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A60F9E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


MBRCheck log
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 147):
0xF8E44000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7228000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF89D6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8CBE000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7211000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF89E6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF781E000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8BC6000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7200000 \SystemRoot\System32\DRIVERS\psched.sys
0xF780E000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF71DC000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF7191000 \SystemRoot\system32\drivers\mfefirek.sys
0xF8BCE000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8BD6000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF77FE000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8BDE000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8D4E000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF710B000 \SystemRoot\System32\DRIVERS\update.sys
0xF85B0000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8AB6000 \SystemRoot\System32\Drivers\dvd_2K.SYS
0xF778E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF89F6000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8D5E000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7CD3000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF8B1E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8D7E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E6F000 \SystemRoot\System32\Drivers\Null.SYS
0xF8D80000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8AE6000 \SystemRoot\System32\drivers\vga.sys
0xF8D82000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8D84000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF5213000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF8B2E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8B36000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF51CE000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xF7179000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5181000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF5128000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5115000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xF50EF000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF50C7000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF8CF2000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF50A5000 \SystemRoot\System32\drivers\afd.sys
0xF88F6000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF507A000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF5E12000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xF4FE2000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF88D6000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8916000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF5E0A000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF8A26000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF8B3E000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF5E02000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF8B7E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF85AC000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF8B76000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF52B6000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF52A6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF8926000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF5336000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF53A6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEBA2A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8DA4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE762000 \SystemRoot\System32\drivers\Dxapi.sys
0xEC55C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF1173000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF41F000 \SystemRoot\System32\ATMFD.DLL
0xF8C8E000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEBB04000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0D6E000 \SystemRoot\system32\drivers\sysaudio.sys
0xEBC17000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xED54C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEC18D000 \SystemRoot\System32\DRIVERS\HSF_FALL.sys
0xEC170000 \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
0xEC0E8000 \SystemRoot\System32\DRIVERS\HSF_K56K.sys
0xEC090000 \SystemRoot\System32\DRIVERS\srv.sys
0xEC074000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xF03F4000 \??\C:\WINDOWS\System32\PfModNT.sys
0xEC3FF000 \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
0xEBE76000 \SystemRoot\System32\DRIVERS\HSF_SPKP.sys
0xF07C1000 \SystemRoot\System32\DRIVERS\HSF_TONE.sys
0xEC2D7000 \SystemRoot\System32\DRIVERS\HSF_V124.sys
0xEBF4C000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xEC9FA000 \SystemRoot\System32\Drivers\HTTP.sys
0xED6C6000 \SystemRoot\system32\drivers\cfwids.sys
0xEDA17000 \SystemRoot\system32\drivers\mfeapfk.sys
0xEC50C000 \SystemRoot\system32\drivers\mfebopk.sys
0xED9F3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xED9C8000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
944 C:\WINDOWS\system32\smss.exe
996 csrss.exe
1020 C:\WINDOWS\system32\winlogon.exe
1064 C:\WINDOWS\system32\services.exe
1076 C:\WINDOWS\system32\lsass.exe
1232 C:\WINDOWS\system32\svchost.exe
1316 svchost.exe
1440 C:\WINDOWS\system32\svchost.exe
1492 svchost.exe
1540 svchost.exe
2004 C:\WINDOWS\system32\spoolsv.exe
104 C:\WINDOWS\explorer.exe
400 C:\Program Files\ATT Internet Tools\blsloader.exe
436 C:\Program Files\McAfee.com\Agent\mcagent.exe
464 C:\Program Files\Creative\ShareDLL\CTNotify.exe
472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
480 C:\Program Files\iISystem Wiper\SystemWiper.exe
556 C:\WINDOWS\system32\ctfmon.exe
576 C:\Program Files\Creative\ShareDLL\Mediadet.exe
752 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
764 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
912 svchost.exe
952 C:\WINDOWS\system32\CTsvcCDA.EXE
1080 C:\Program Files\Java\jre6\bin\jqs.exe
1264 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1488 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
1632 C:\Program Files\Common Files\Motive\McciCMService.exe
1476 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1120 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1804 sqlservr.exe
1884 C:\WINDOWS\system32\svchost.exe
1956 C:\WINDOWS\system32\nvsvc32.exe
2040 C:\WINDOWS\system32\svchost.exe
344 sqlbrowser.exe
516 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
704 C:\WINDOWS\system32\svchost.exe
736 C:\Program Files\UPHClean\uphclean.exe
500 C:\WINDOWS\system32\MsPMSPSv.exe
868 C:\WINDOWS\system32\searchindexer.exe
2220 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2312 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2180 alg.exe
3020 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3404 C:\WINDOWS\system32\svchost.exe
3112 C:\Program Files\Internet Explorer\iexplore.exe
1068 C:\Program Files\Internet Explorer\iexplore.exe
3568 C:\WINDOWS\system32\searchprotocolhost.exe
1824 searchfilterhost.exe
900 C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-75CAA0, Rev: 16.06V16

Size       Device Name            MBR Status
--------------------------------------------
74 GB      \\.\PhysicalDrive0     Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

QuickScan log

QuickScan Beta 32-bit v0.9.9.77
-------------------------------
Scan date: Tue Mar 01 14:45:58 2011
Machine ID: 707AB383



No infection found.
-------------------



Processes
---------
(unsigned) Creative Disc Detector 464 C:\Program Files\Creative\ShareDLL\CTNotify.exe
(unsigned) Creative Disc Detector 576 C:\Program Files\Creative\ShareDLL\Mediadet.exe
(unsigned) Creative Service for CDROM Access 952 C:\WINDOWS\system32\CTsvcCDA.EXE
(unsigned) hp digital imaging - hp all-in-one seri 1488 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(unsigned) iISystem Wiper 480 C:\Program Files\iISystem Wiper\SystemWiper.exe
(unsigned) mcci+McciCMService 1632 C:\Program Files\Common Files\Motive\McciCMService.exe
(unsigned) Microsoft ® DRM 500 C:\WINDOWS\system32\MsPMSPSv.exe
(unsigned) QuickBooks Automatic Update 752 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(unsigned) User Profile Hive Cleanup Service 736 C:\Program Files\UPHClean\uphclean.exe

(verified) AT&T Parental Controls 400 C:\Program Files\ATT Internet Tools\blsloader.exe
(verified) hp digital imaging 3020 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(verified) Java™ Platform SE 6 U24 1080 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Java™ Platform SE Auto Updater 2 0 472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) McAfee Integrated Security Platform 1476 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(verified) McAfee SecurityCenter 436 C:\Program Files\McAfee.com\Agent\mcagent.exe
(verified) McAfee SiteAdvisor 1264 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(verified) Microsoft SQL Server 344 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(verified) Microsoft SQL Server 516 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(verified) Microsoft SQL Server 1804 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(verified) Microsoft® Windows® Operating System 764 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(verified) Microsoft® Windows® Operating System 104 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2180 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 1064 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 2004 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1232 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1440 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1492 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1540 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 912 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1884 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2040 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 704 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3404 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1020 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 3852 C:\WINDOWS\system32\wscntfy.exe
(verified) NVIDIA Driver Helper Service, Version 5 1956 C:\WINDOWS\system32\nvsvc32.exe
(verified) SYSCORE 2312 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(verified) SYSCORE 1120 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(verified) VSCORE 2220 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(verified) Windows® Internet Explorer 1068 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3112 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process svchost.exe (1316) listens on ports: 135 (RPC)
Process McSvHost.exe (1476) listens on ports: 6646
Process svchost.exe (1540) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
(unsigned) Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(unsigned) Creative Disc Detector C:\Program Files\Creative\ShareDLL\CTNotify.exe
(unsigned) hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
(unsigned) iISystem Wiper C:\Program Files\iISystem Wiper\SystemWiper.exe
(unsigned) Microsoft Plus! for Windows XP C:\WINDOWS\System32\plusspac.scr
(unsigned) QuickBooks Automatic Update C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(unsigned) Windows® Search C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll

(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) AT&T Parental Controls C:\Program Files\ATT Internet Tools\blsloader.exe
(verified) Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) hp digital imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
(verified) Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
(unsigned) Java™ Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\Uploader.exe
(unsigned) Microsoft ® Visual C++ C:\WINDOWS\Downloaded Program Files\atl.dll
(unsigned) Motive Plugin C:\Program Files\Common Files\Motive\npMotive.dll
(unsigned) Supportability C:\WINDOWS\Downloaded Program Files\SupportabilityFramework.dll
(unsigned) tgctlcm Module C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
(unsigned) TODO: <Product name> C:\WINDOWS\Downloaded Program Files\MVTFrameworkWrapper.dll
(unsigned) TODO: <Product name> C:\WINDOWS\Downloaded Program Files\MVTPlugins.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
(verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
(verified) GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
(verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) McAfee Am I Up To Date? C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll
(verified) McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll
(verified) McAfee Virtual Technician C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
(verified) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McContentMgr.dll
(verified) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll
(verified) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McLogMgr.dll
(verified) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McPlugins.dll
(verified) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McProdMgr.dll
(verified) McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\MVT.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft ® Visual C++ C:\WINDOWS\Downloaded Program Files\msvcp60.dll
(verified) Microsoft ® Windows ® 95, Windows ( C:\WINDOWS\Downloaded Program Files\unicows.dll
(verified) Microsoft Support Diagnostic Tool C:\WINDOWS\Downloaded Program Files\MSDCode.DLL
(verified) Microsoft® Windows Live OneCare C:\WINDOWS\Downloaded Program Files\wlscBase.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) mskapbho.dll c:\program files\mcafee\msk\mskapbho.dll
(verified) RealNetworks Rhapsody Player Engine C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
(verified) sprthelper Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sprthelper.exe
(verified) tgctlcm Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\tgctlcm.dll
(verified) VSCORE C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103162139.dll
(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Scan
----
(unsigned) MD5: 0a352c2a4d03ad766adf41c86a5b0ea4 C:\Program Files\ATT Internet Tools\blshook_win32.dll
(unsigned) MD5: c22aa4f619ded8055d66b56cccb8b346 C:\Program Files\ATT Internet Tools\blspc_win32.dll
(unsigned) MD5: c2ff17734176cd15221c10044ef0ba1a C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(unsigned) MD5: f5dd097058c147cde4c5aa476b2f3f2c C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
(unsigned) MD5: 82ae62c028e3891a9f916a2ebcebe451 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgrps.dll
(unsigned) MD5: 5a95d6fd0d4c2f9da2409a19cf15c3cb C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgRequestMgr.dll
(unsigned) MD5: 61d6d25088621dd783e23fcad891c756 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbuchannel.dll
(unsigned) MD5: 28957d38b5b769c2ed64795ff8c968ce C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(unsigned) MD5: b5c7aee98577e442849b7cf1100bfa1c C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\SendError.dll
(unsigned) MD5: 6ba6b84f0fe21a77bb91c409ae7c9c29 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\stlport_vc746.dll
(unsigned) MD5: f8b823414a22dbf3bec10dcaa5f93cd8 C:\Program Files\Common Files\Motive\McciCMService.exe
(unsigned) MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\Program Files\Common Files\Motive\MREMP50.sys
(unsigned) MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\Program Files\Common Files\Motive\MRESP50.sys
(unsigned) MD5: eb260e1beb8f174d8bb77436bae53bde C:\Program Files\Common Files\Motive\npMotive.dll
(unsigned) MD5: 927d803997bda7a450b743e378ea47d0 C:\Program Files\Creative\ShareDLL\CTCDPwr.dll
(unsigned) MD5: f37e46a0fa4588d66469605346590667 C:\Program Files\Creative\ShareDLL\CTNotify.exe
(unsigned) MD5: 9f657042adbd2a9a86db3a594a94841c C:\Program Files\Creative\ShareDLL\Mediadet.exe
(unsigned) MD5: 4534b919b89b56655d3a2c22e34f933b C:\Program Files\HP\Digital Imaging\bin\crm\hpqcrmcm.dll
(unsigned) MD5: a7a0371c6c7f0a02b5668a0f504a23cb C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
(unsigned) MD5: 6906658f82de4c3f9538b189d93597c2 C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
(unsigned) MD5: 3b5f0bf4125688a531fa21c823ea6193 C:\Program Files\HP\Digital Imaging\bin\dbghelp.dll
(unsigned) MD5: c0c1eab9cc9b3b9511ae2f2be17056e4 C:\Program Files\HP\Digital Imaging\bin\en\hpqgalry.resources.dll
(unsigned) MD5: a34c780ad37dff4fb363a8e5ad1fc175 C:\Program Files\HP\Digital Imaging\bin\en\hpqmirsc.resources.dll
(unsigned) MD5: 698ecb521f47a5e7153085223dcc0d9d C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
(unsigned) MD5: fee3c7e545ee5d0953702e1916cc2bfa C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
(unsigned) MD5: 08a65022ffed1c2eba7318e877b4567f C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
(unsigned) MD5: d15f4b9b1d02ec9cdbff8d2caad9b9c5 C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll
(unsigned) MD5: b828b8620cab7fc4d6865a30fb650049 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(unsigned) MD5: a5261c4e83d9b53c1815f7503199af35 C:\Program Files\HP\Digital Imaging\bin\hpqimgr.dll
(unsigned) MD5: 2dca176493ce5a381fb5e9972188852d C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll
(unsigned) MD5: 95e92090394c815f82b0aed330500b1a C:\Program Files\HP\Digital Imaging\bin\hpqmirsc.dll
(unsigned) MD5: ba469be297a955e19f4bafb843bf103a C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
(unsigned) MD5: f54e6a895cc1ddaffddfd45429d7774c C:\Program Files\HP\Digital Imaging\bin\hpqste08.rsc
(unsigned) MD5: 2207e5283450a56911239172665515b2 C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
(unsigned) MD5: e7a0224ad7d35c1b24a7d6814d5b6b61 C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
(unsigned) MD5: fa58e0a988d68b9db8a7db9f2087eab6 C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll
(unsigned) MD5: 91c0436bd6cb73370895ef33c1c9cb47 C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
(unsigned) MD5: e2cd12a09aab75b19123e4ab807b2d25 C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll
(unsigned) MD5: 2819f1098749b4a47041d0a7a6d1c454 C:\Program Files\iISystem Wiper\SystemWiper.exe
(unsigned) MD5: 4ebb5b4dcabec18b29d01f9f607b0114 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) MD5: 3f9a3232e5f942874488981f3242c989 C:\Program Files\UPHClean\uphclean.exe
(unsigned) MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
(unsigned) MD5: a1b44c0a1ad71f86579a4521d5b1c024 C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
(unsigned) MD5: bc77758ded7a9e0128937a490be11bea C:\WINDOWS\assembly\GAC\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
(unsigned) MD5: 597a11165ed1b357c6776c52de3f608c C:\WINDOWS\assembly\GAC\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
(unsigned) MD5: ddbff36c9c1fe06198f6b58d26bf4e15 C:\WINDOWS\assembly\GAC\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
(unsigned) MD5: a67a023557323e5ca568383228506167 C:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
(unsigned) MD5: 775f9af75dfbdbf74a8cd0fbf2f1c328 C:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
(unsigned) MD5: 2b855f89fca1df10353f108ac2b55b4e C:\WINDOWS\assembly\GAC\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
(unsigned) MD5: e99e5a7b19e31e8713c5be557894509f C:\WINDOWS\assembly\GAC\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
(unsigned) MD5: 3838a46b043209d6113e1db6e0a82975 C:\WINDOWS\assembly\GAC\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
(unsigned) MD5: 0e8254639dedef3f5387e1f05c305ca5 C:\WINDOWS\assembly\GAC\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
(unsigned) MD5: 16105fe2451f233e547303034e2618e0 C:\WINDOWS\assembly\GAC\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
(unsigned) MD5: c7968e26f2ea5393e720f24164b7fa37 C:\WINDOWS\assembly\GAC\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
(unsigned) MD5: 5f2599319f6622f311a6ae4e590fd81a C:\WINDOWS\assembly\GAC\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
(unsigned) MD5: 292a4b5be5db485e7088955f34586878 C:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
(unsigned) MD5: 77a6b4360966cfee517adad807892792 C:\WINDOWS\assembly\GAC\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
(unsigned) MD5: 0ba7450557844966591ff53962612514 C:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
(unsigned) MD5: 64c95fa25ee226d60abe723c1d1e4fb2 C:\WINDOWS\assembly\GAC\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
(unsigned) MD5: d6fdfe5b352403ad6c0de3293ba669ff C:\WINDOWS\assembly\GAC\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
(unsigned) MD5: 196f5c5a8537ee4e4c4661b9c8e8d028 C:\WINDOWS\assembly\GAC\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
(unsigned) MD5: ec5c685acad87936b790064aaf87788e C:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
(unsigned) MD5: 3dfe9b36b310582160bf0f081e51bc04 C:\WINDOWS\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
(unsigned) MD5: f27508b6da412e005a732767dcb2b32f C:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.66__9cf889f53ea9b907\LEAD.Drawing.dll
(unsigned) MD5: 656421105e87f4ece5633d0061412a88 C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.66__9cf889f53ea9b907\LEAD.Windows.Forms.dll
(unsigned) MD5: 1497069481fda6967436cf5096e93b05 C:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.66__9cf889f53ea9b907\LEAD.Wrapper.dll
(unsigned) MD5: 26aaf8560af2857b411e16587f5e21a4 C:\WINDOWS\assembly\GAC\LEAD\13.0.0.66__9cf889f53ea9b907\LEAD.dll
(unsigned) MD5: bcf15390de7368639c593735bf938d7a C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
(unsigned) MD5: 2814e9bdb75088c0b4cf6c1123f6ec8e C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
(unsigned) MD5: a5205b3af85b1477ab2c2a1e12201598 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
(unsigned) MD5: 9921697afaa1349535316a346d87bb78 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
(unsigned) MD5: 4a0952cc15fc52b30ac353658e56a453 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2808e9f7\mscorlib.dll
(unsigned) MD5: 26a9a199776635d7410df0054e262e8c C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0444a1cb\System.Drawing.dll
(unsigned) MD5: ea8e9653fdfb13680a1bb73433ecd10a C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f86ab216\System.Windows.Forms.dll
(unsigned) MD5: 6c0ae17bc291d57b21ce50af44df2df9 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3bb33cce\System.Xml.dll
(unsigned) MD5: 71401a8b95e19bcb169465dc913df416 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_19d77fe0\System.dll
(unsigned) MD5: 6cbcd3924eb35d21d6515f0606817e66 C:\WINDOWS\Downloaded Program Files\atl.dll
(unsigned) MD5: a9be2730048263a87bee166d0623ae9a C:\WINDOWS\Downloaded Program Files\MVTFrameworkWrapper.dll
(unsigned) MD5: c5e0eb187e763a4c6220c1c46fc7efa2 C:\WINDOWS\Downloaded Program Files\MVTPlugins.dll
(unsigned) MD5: f6b82cc81cdde59232af52d20d2ce209 C:\WINDOWS\Downloaded Program Files\SupportabilityFramework.dll
(unsigned) MD5: ba653cce1544a8224b5134b68d1aa5be C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
(unsigned) MD5: 9deb8c5bf6aeca9db194cace96ff0d71 C:\WINDOWS\Downloaded Program Files\Uploader.exe
(unsigned) MD5: 3c923e1911ced5802c3bdb9ce18f64da C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
(unsigned) MD5: 0a8d6fe9110a23a2e561dd570c3b0508 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
(unsigned) MD5: 2f67c092a56f2814be4c75ede8d1e176 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
(unsigned) MD5: 1a692dbdac7a578187e0a94a850a6240 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
(unsigned) MD5: 74d879f95a0249e7007f6d94bd069c32 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
(unsigned) MD5: 19e3c104d2bb0eb1c5d947a40f5c77e0 C:\WINDOWS\system32\CTDetres.dll
(unsigned) MD5: 3c8b6609712f4ff78e521f6dcfc4032b C:\WINDOWS\system32\CTsvcCDA.EXE
(unsigned) MD5: 44a3774e1cfc72c71b044be54bec588c C:\WINDOWS\system32\drivers\Cdr4_xp.sys
(unsigned) MD5: e0cf12de9723109b15bd89845e36c8bb C:\WINDOWS\system32\drivers\Cdralw2k.sys
(unsigned) MD5: bce04a21510e721aaba3f893b6770c12 C:\WINDOWS\system32\drivers\CDUDF_XP.sys
(unsigned) MD5: f5ca443d58a53de968685ee43fbe8f17 C:\WINDOWS\system32\drivers\DVD_2K.sys
(unsigned) MD5: 2739df798b44809407879e9134233de4 C:\WINDOWS\system32\drivers\mmc_2K.sys
(unsigned) MD5: 88f57a15b786bf2af9458f7903768085 C:\WINDOWS\system32\drivers\MxlW2k.sys
(unsigned) MD5: 9c8d2792e4b2997880beda53e4f75e93 C:\WINDOWS\system32\drivers\OMCI.sys
(unsigned) MD5: ed2e7f396b4098608c95bc3806bdf6fc C:\WINDOWS\system32\drivers\pfc.sys
(unsigned) MD5: 2e162e3856c9c6a3b53e0ece28386fe3 C:\WINDOWS\system32\drivers\pwd_2k.sys
(unsigned) MD5: e398bde2e6c978f357faedff784ffd70 C:\WINDOWS\system32\drivers\UDFREADR_XP.sys
(unsigned) MD5: bb14307b29ea221a30a97150e6e7282c C:\WINDOWS\system32\EBPMON2.DLL
(unsigned) MD5: adbb61bf0b9c97de818090738ec71e57 C:\WINDOWS\system32\HPTcpMib.dll
(unsigned) MD5: 4e460240cb29778f5f8c1feb38806679 C:\WINDOWS\system32\HPTcpMon.dll
(unsigned) MD5: e2a611081dc6d6a13ad3a9dd2f291f30 C:\WINDOWS\system32\HPTcpMUI.dll
(unsigned) MD5: f4624c7d2136d279174e0f09fbd9130e C:\WINDOWS\system32\HPZidr12.dll
(unsigned) MD5: 9eac175ba34898308620c1984c881845 C:\WINDOWS\system32\HPZinw12.dll
(unsigned) MD5: 75cf9de0a67af916ed591743dfb69694 C:\WINDOWS\system32\HPZipm12.dll
(unsigned) MD5: c9bd323b1bdbfeeebfc204b574fdb5a1 C:\WINDOWS\system32\HPZipr12.dll
(unsigned) MD5: ee142789631138c42112b5b757dde6a9 C:\WINDOWS\system32\hpzjrd01.dll
(unsigned) MD5: 900e7e6601b14c8d8640d02a70d37e59 C:\WINDOWS\system32\hpzsnt10.dll
(unsigned) MD5: 7ef7d22a23d5e8a20f2361ecaa77a26e C:\WINDOWS\system32\InetClnt.dll
(unsigned) MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll
(unsigned) MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\mfc71.dll
(unsigned) MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll
(unsigned) MD5: 581176f60885aef8f78c6e38dcc3cdf9 C:\WINDOWS\system32\MsPMSPSv.exe
(unsigned) MD5: 6e914eedd145c5acce56f4d5f3d606fc C:\WINDOWS\system32\mssph.dll
(unsigned) MD5: 2f5532f9b0f903b26847da674b4f55b2 C:\WINDOWS\System32\PfModNT.sys
(unsigned) MD5: 2abbf53500fb0ad026b3bc9181c7eca1 C:\WINDOWS\System32\plusspac.scr
(unsigned) MD5: b79dfc03561b3c5f3260875b865204d2 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku10.dll
(unsigned) MD5: 7515cb127af53bf7eb18d49314007c02 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpm310.dll
(unsigned) MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\vmhelper.dll

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0444a1cb\System.Drawing.dll
C:\WINDOWS\system32\drivers\OMCI.sys

Upload started - 2 file(s)
OMCI.sys (13632)
System.Drawing.dll (835584)
Upload speed - 42 KB/s
Upload finished - 2 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 21 sec
Total traffic - 0.88 MB sent, 2.00 KB recvd
Scanned 1419 files and modules - 245 seconds

==============================================================================
ESETScan log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=eae302a80850f14e9d1814123dcecb89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-01 06:32:02
# local_time=2011-03-01 01:32:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 26042555 26042555 0 0
# compatibility_mode=5121 16777173 100 75 1518277 28155554 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=21565
# found=0
# cleaned=0
# scan_time=2896
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=eae302a80850f14e9d1814123dcecb89
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-01 07:39:46
# local_time=2011-03-01 02:39:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 26045927 26045927 0 0
# compatibility_mode=5121 16777189 100 75 1521649 28158926 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=35654
# found=1
# cleaned=1
# scan_time=3588
C:\Qoobox\Quarantine\C\Documents and Settings\gerald murphy\Local Settings\Application Data\{249090E2-801D-4625-A06B-0ED72EFD06E8}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251


Still have not heard back from virustotal.com about C:\WINDOWS\ugazegixoretubed.dll, will try again and post if I get a response.

Jerry
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Don't worry about the file for virustotal. I'm sure it was bad.

The only thing I see in your logs is that UPHClean.sys has gone missing. You can uninstall UPHClean then download it and install it from:


http://www.microsoft...&displaylang=en

How is it running?

Ron
  • 0