Solved Search engine redirect / jump

B

Beachmtn01

Posts: 14   +0
I have begun the eight step process and have the requested logs below:

Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5999

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/12/2011 11:43:00 PM
mbam-log-2011-03-12 (23-43-00).txt

Scan type: Quick scan
Objects scanned: 173342
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-13 13:03:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST325082 rev.3.AD
Running: n8bxlbf4.exe; Driver: C:\DOCUME~1\Jesse\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E100E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E100F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E10120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E10176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E100CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E100A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E100B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E1010A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E1014C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E10136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E101A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E1018C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E10160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9E10164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9E1017A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9E10190 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9E10150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9E100A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9E100BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9E101A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B9E1013A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9E1010E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B9E100E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9E100F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9E10124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9E100D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0084
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0073
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0FAF
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD00C3
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD00B2
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F2A
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F3B
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0F19
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD001B
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0095
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0047
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD002C
.text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD0F60
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0FB9
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A003D
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A000A
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0FD4
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A002C
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0FEF
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 003A001B
.text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A0F94
.text C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390033
.text C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390022
.text C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390FBC
.text C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390FE3
.text C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390011
.text C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390000
.text C:\WINDOWS\system32\svchost.exe[440] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00370FEF
.text C:\WINDOWS\system32\svchost.exe[440] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00370000
.text C:\WINDOWS\system32\svchost.exe[440] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00370FC0
.text C:\WINDOWS\system32\svchost.exe[440] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00370011
.text C:\WINDOWS\system32\svchost.exe[440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00380FE5
.text C:\WINDOWS\Explorer.EXE[612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01730FEF
.text C:\WINDOWS\Explorer.EXE[612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0173002F
.text C:\WINDOWS\Explorer.EXE[612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0173000A
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01700FEF
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01700F72
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01700F8D
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01700F9E
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0170005B
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01700FC3
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017000AE
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0170009D
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01700F37
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017000DA
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01700F1C
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0170004A
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01700014
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0170008C
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01700FD4
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01700025
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017000C9
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 016F001E
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 016F0054
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 016F0FC3
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 016F0FDE
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 016F0F97
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 016F0FEF
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 016F0043
.text C:\WINDOWS\Explorer.EXE[612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 016F0FB2
.text C:\WINDOWS\Explorer.EXE[612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02690FAD
.text C:\WINDOWS\Explorer.EXE[612] msvcrt.dll!system 77C293C7 5 Bytes JMP 02690042
.text C:\WINDOWS\Explorer.EXE[612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0269001D
.text C:\WINDOWS\Explorer.EXE[612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02690000
.text C:\WINDOWS\Explorer.EXE[612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02690FC8
.text C:\WINDOWS\Explorer.EXE[612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02690FE3
.text C:\WINDOWS\Explorer.EXE[612] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02610000
.text C:\WINDOWS\Explorer.EXE[612] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02610FDB
.text C:\WINDOWS\Explorer.EXE[612] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02610011
.text C:\WINDOWS\Explorer.EXE[612] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 02610FC0
.text C:\WINDOWS\Explorer.EXE[612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02680000
.text C:\WINDOWS\system32\services.exe[1128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\services.exe[1128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\services.exe[1128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0091004A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091002F
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910F57
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910F72
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910F9E
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F2E
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910076
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F09
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009100A2
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910EEE
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910F83
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0091005B
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FAF
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910091
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0047
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0FB6
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD002C
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0FD1
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FD0073
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0058
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940FB2
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940033
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940018
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940FC3
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940FDE
.text C:\WINDOWS\system32\services.exe[1128] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E800BD
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E800A2
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80091
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E8005B
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80FA3
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E800EB
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80121
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E80F88
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E80F77
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80076
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80014
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E800CE
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E8004A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80025
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E80106
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FB2
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50F86
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50FCD
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FDE
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C5004D
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C50FA1
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E5, 88] {IN EAX, 0x88}
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C5001E
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40027
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40016
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40FB7
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40FE3
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40F9C
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FD2
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DC0FDB
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0F55
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F7A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0054
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0043
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB001E
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0F0C
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F1D
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB009B
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB008A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DB00B6
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DB0F97
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DB0F44
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DB0FB2
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DB0FCD
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DB006F
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF0025
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF007D
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF0FDE
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DF0062
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DF0051
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DF0036
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0FAF
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0044
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0000
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0033
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE007C
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE006B
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0050
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0F91
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F60
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE00A8
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0F3B
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE00D4
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE00E5
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0033
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE008D
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE00C3
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010F003D
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010F0FB6
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010F002C
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010F001B
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010F0FC7
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010F000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010F0073
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010F0058
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010E0025
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!system 77C293C7 5 Bytes JMP 010E0F9A
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010E0FC6
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010E0FE3
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010E0FB5
.text C:\WINDOWS\system32\svchost.exe[1472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010E0000
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010D0FE5
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F6F
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF005A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0049
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F80
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00A4
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0089
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F1C
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!
 
Continued...

CreateProcessA 7C80236B 5 Bytes JMP 00BF0F2D
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0F01
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0F9B
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F5E
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00B5
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0F97
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0014
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FBE
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0049
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD002E
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FE3
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0011
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01B10000
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01B10FE5
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01B1001B
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01B00FEF
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01B00F38
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01B00F53
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01B00F64
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01B00F75
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01B00F97
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01B00074
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01B00059
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01B00EE5
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01B00F00
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01B0008F
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01B00F86
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01B00FD4
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!
CreatePipe 7C81D83F 5 Bytes JMP 01B00048
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01B00FA8
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01B00FB9
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!WinExec 7C86250D 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01B00F11
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02C50051
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02C50087
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02C50036
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02C50025
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02C50FCA
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02C5000A
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02C5006C
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02C50FE5
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02C40053
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!system 77C293C7 5 Bytes JMP 02C40FBE
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02C40FE3
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02C40000
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02C4002E
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02C4001D
.text C:\WINDOWS\System32\svchost.exe[1600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B30FE5
.text C:\WINDOWS\System32\svchost.exe[1600] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01B20FEF
.text C:\WINDOWS\System32\svchost.exe[1600] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01B2000A
.text C:\WINDOWS\System32\svchost.exe[1600] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01B20FDE
.text C:\WINDOWS\System32\svchost.exe[1600] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01B20FCD
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00380000
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00380011
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00380FE5
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00370FEF
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00370053
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00370042
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0037001B
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00370F68
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0037000A
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00370F30
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00370F4D
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003700B5
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003700A4
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003700D0
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00370F83
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00370FD4
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0037006E
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00370FA8
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00370FB9
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00370093
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A002C
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0F8A
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A001B
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0FDB
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A0051
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0000
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 003A0FA5
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5A, 88]
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A0FC0
.text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390031
.text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390FA6
.text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390016
.text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390FE3
.text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390FC1
.text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390FD2
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00880FE5
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00880FC3
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00880FD4
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0082005B
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00820040
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00820F72
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00820F83
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00820025
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00820F37
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00820089
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00820EF0
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00820F01
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00820EDF
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00820F94
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0082006C
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00820FC3
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00820F26
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B0F83
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B001B
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B0F9E
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0000
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008B0FAF
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AB, 88]
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B0040
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0FA3
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A002E
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A0FD9
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A0FC8
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A001D
.text C:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0089000A
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EF0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EF0FAF
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EF0FCA
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE0F75
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE0F86
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE0054
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE0F97
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE0FB2
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE0F2C
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE0F49
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE0099
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE0F00
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EE00B4
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EE0039
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EE000A
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EE0F5A
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EE0FCD
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EE0FDE
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!WinExec 7C86250D 1 Byte [E9]
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EE0F11
.text C:\Program Files\Messenger\msmsgs.exe[1800] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EC0044
.text C:\Program Files\Messenger\msmsgs.exe[1800] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC0FC3
.text C:\Program Files\Messenger\msmsgs.exe[1800] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC0029
.text C:\Program Files\Messenger\msmsgs.exe[1800] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EC0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1800] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EC0FD4
.text C:\Program Files\Messenger\msmsgs.exe[1800] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EC0018
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00ED0FD4
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00ED0F90
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00ED002F
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00ED0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00ED0FA1
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00ED000A
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00ED0FB2
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0D, 89]
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00ED0FC3
.text C:\Program Files\Messenger\msmsgs.exe[1800] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1800] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EA0FEF
.text C:\Program Files\Messenger\msmsgs.exe[1800] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EA0014
.text C:\Program Files\Messenger\msmsgs.exe[1800] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EA002F
.text C:\Program Files\Messenger\msmsgs.exe[1800] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00EA0040
.text C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007E007B
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007E0060
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E0F86
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007E0043
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007E001E
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007E0F55
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007E009D
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007E0F29
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007E0F44
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007E00DD
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007E0F97
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007E0FDE
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007E008C
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007E0FA8
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007E00C2
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0082003D
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00820FB6
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00820022
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00820011
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00820073
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00820000
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00820FD1
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A2, 88]
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0082004E
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0081006E
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00810FE3
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0081002E
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00810049
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0081001D
.text C:\WINDOWS\system32\svchost.exe[1920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0080000A
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[2888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\System32\svchost.exe[2888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\System32\svchost.exe[2888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F0000
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E000A
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007E00BF
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007E0FCA
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E0098
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007E0FDB
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007E006C
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007E0F92
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007E0FAF
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007E0F66
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007E0F81
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007E011A
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007E007D
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007E001B
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007E00DA
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007E0051
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007E0036
.text C:\WINDOWS\System32\svchost.exe[2888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007E00FF
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D0036
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D0FA8
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D001B
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007D0FB9
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007D000A
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007D0FD4
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9D, 88]
.text C:\WINDOWS\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007D005B
.text C:\WINDOWS\System32\svchost.exe[2888] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0077
.text C:\WINDOWS\System32\svchost.exe[2888] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E005C
 
Continued Pt. 2

.text C:\WINDOWS\System32\svchost.exe[2888] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E003A
.text C:\WINDOWS\System32\svchost.exe[2888] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E000C
.text C:\WINDOWS\System32\svchost.exe[2888] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E004B
.text C:\WINDOWS\System32\svchost.exe[2888] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E001D
.text C:\WINDOWS\System32\svchost.exe[2888] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[2916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\System32\svchost.exe[2916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\System32\svchost.exe[2916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007E0F6B
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007E0060
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E0F86
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007E0FA1
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007E0FB2
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007E0F33
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007E0F44
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007E0F18
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007E00B1
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007E00D6
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007E0043
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007E0000
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007E007B
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007E0FD4
.text C:\WINDOWS\System32\svchost.exe[2916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007E00A0
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D0025
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D004A
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0FCA
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007D0F97
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007D0000
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007D0FA8
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9D, 88]
.text C:\WINDOWS\System32\svchost.exe[2916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007D0FB9
.text C:\WINDOWS\System32\svchost.exe[2916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0F90
.text C:\WINDOWS\System32\svchost.exe[2916] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E001B
.text C:\WINDOWS\System32\svchost.exe[2916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0FC6
.text C:\WINDOWS\System32\svchost.exe[2916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FE3
.text C:\WINDOWS\System32\svchost.exe[2916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FAB
.text C:\WINDOWS\System32\svchost.exe[2916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[2916] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\system32\svchost.exe[3108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[3108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[3108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F70
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00F81
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00051
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00036
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F2E
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D00076
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000C7
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000AC
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F1D
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FAF
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D00F55
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00FCA
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D0001B
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D00091
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0022
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0F80
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0011
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0F9B
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CF0FAC
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EF, 88]
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0033
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0F9C
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0027
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FD2
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0FB7
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE000C
.text C:\WINDOWS\system32\svchost.exe[3108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[3188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[3188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\system32\svchost.exe[3188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D90F87
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D9007C
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D9005F
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D9004E
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D90FB6
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D900C3
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D900B2
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D90F45
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D900DE
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D90F34
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D9003D
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D900A1
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D90FD1
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D90022
.text C:\WINDOWS\system32\svchost.exe[3188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D90F6A
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00820025
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0082004A
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00820014
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00820F8D
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00820FA8
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A2, 88]
.text C:\WINDOWS\system32\svchost.exe[3188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00820FC3
.text C:\WINDOWS\system32\svchost.exe[3188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00810042
.text C:\WINDOWS\system32\svchost.exe[3188] msvcrt.dll!system 77C293C7 5 Bytes JMP 00810031
.text C:\WINDOWS\system32\svchost.exe[3188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00810FD2
.text C:\WINDOWS\system32\svchost.exe[3188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0081000C
.text C:\WINDOWS\system32\svchost.exe[3188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00810FB7
.text C:\WINDOWS\system32\svchost.exe[3188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00810FE3
.text C:\WINDOWS\system32\dllhost.exe[3704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\system32\dllhost.exe[3704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090025
.text C:\WINDOWS\system32\dllhost.exe[3704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B00AE
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B009D
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B008C
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B006F
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00BF
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F83
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00FC
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00EB
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B010D
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F9E
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\dllhost.exe[3704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00D0
.text C:\WINDOWS\system32\dllhost.exe[3704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0025
.text C:\WINDOWS\system32\dllhost.exe[3704] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0F9A
.text C:\WINDOWS\system32\dllhost.exe[3704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC6
.text C:\WINDOWS\system32\dllhost.exe[3704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[3704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FAB
.text C:\WINDOWS\system32\dllhost.exe[3704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0022
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B004E
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0011
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B003D
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0F9B
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\dllhost.exe[3704] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FB6
.text C:\WINDOWS\system32\dllhost.exe[3704] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003B0FE5
.text C:\WINDOWS\System32\svchost.exe[4696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\System32\svchost.exe[4696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009002C
.text C:\WINDOWS\System32\svchost.exe[4696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B007D
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F88
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0062
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0051
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0036
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F49
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F66
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F24
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00BD
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00CE
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F77
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\System32\svchost.exe[4696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00AC
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0036
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A007D
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A001B
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A000A
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0062
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FC0
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\System32\svchost.exe[4696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0047
.text C:\WINDOWS\System32\svchost.exe[4696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0FD4
.text C:\WINDOWS\System32\svchost.exe[4696] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0055
.text C:\WINDOWS\System32\svchost.exe[4696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F0044
.text C:\WINDOWS\System32\svchost.exe[4696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F000C
.text C:\WINDOWS\System32\svchost.exe[4696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0FEF
.text C:\WINDOWS\System32\svchost.exe[4696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0029
.text C:\WINDOWS\System32\svchost.exe[4696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00390000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2840] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat 96C10D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:3708] 983D1730

---- EOF - GMER 1.0.15 ----

DDS logs:

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jesse at 13:52:03.31 on Sun 03/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1549 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Jesse\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://freedomexplosion.acnrep.com/l_index.asp?CO_LA=US_EN
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061129
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101103083312.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.5)" -"http://pbskids.org/dragontales/treasurehunt/treasurehunt_que.html"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Easy Dock]
 
Continued Pt.4

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jesse\applic~1\mozilla\firefox\profiles\vyxdwhji.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1284357684);
user_pref(app.update.lastUpdateTime.background-update-timer, 1284357890);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1284357876);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1284357766);
user_pref(app.update.lastUpdateTime.places-maintenance-timer, 1284357420);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1284357571);
user_pref(browser.anchor_color, #0000FF);
user_pref(browser.display.background_color, #C0C0C0);
user_pref(browser.display.use_system_colors, true);
user_pref(browser.download.manager.showAlertOnComplete, false);
user_pref(browser.formfill.enable, false);
user_pref(browser.migration.version, 1);
user_pref(browser.places.smartBookmarksVersion, 2);
user_pref(browser.rights.3.shown, true);
user_pref(browser.search.defaultengine, Ask.com);
user_pref(browser.search.defaultenginename, Web Search);
user_pref(browser.search.order.1, Ask.com);
FF - prefs.js: browser.search.selectedEngine - Web Search);
user_pref(browser.search.useDBForOrder, true);
user_pref(browser.shell.checkDefaultBrowser, false);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.2);
user_pref(browser.visited_color, #800080);
user_pref(extensions.asktb.cbid, WS);
user_pref(extensions.asktb.default-channel-url-mask, http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc});
user_pref(extensions.asktb.fresh-install, false);
user_pref(extensions.asktb.l, dis);
user_pref(extensions.asktb.last-config-req, 1284356433012);
user_pref(extensions.asktb.locale, en_US);
user_pref(extensions.asktb.o, 14556);
user_pref(extensions.asktb.overlay-reloaded-using-restart, true);
user_pref(extensions.asktb.qsrc, 2871);
user_pref(extensions.asktb.r, 2);
user_pref(extensions.asktb.search-plugin-suggestions-url, http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms});
user_pref(extensions.asktb.search-suggestions-enabled, true);
user_pref(extensions.asktb.search-suggestions-uri, http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms});
user_pref(extensions.enabledItems, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,jqs@sun.com:1.0,{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19,toolbar@ask.com:3.5.0.145,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6);
user_pref(extensions.lastAppVersion, 3.6);
user_pref(extensions.update.notifyUser, false);
user_pref(general.useragent.extra.microsoftdotnet, ( .NET CLR 3.5.30729));
user_pref(idle.lastDailyNotification, 1264999365);
user_pref(intl.accept_languages, en-us);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(keyword.URL, http://search.yahoo.com/search?fr=mcafee&p=);
user_pref(microsoft.CLR.auto_install, false);
user_pref(network.cookie.prefsMigrated, true);
user_pref(places.last_vacuum, 1264999365);
user_pref(print.printer_HP_Photosmart_C4400_series.print_scaling, 0.40);
user_pref(print.printer_HP_Photosmart_C4400_series.print_shrink_to_fit, false);
user_pref(privacy.sanitize.migrateFx3Prefs, true);
user_pref(security.enable_ssl2, true);
user_pref(security.enable_tls, false);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1286948437);
user_pref(xpinstall.whitelist.add, );
user_pref(xpinstall.whitelist.add.36, );


user_pref(browser.search.defaultengine, Yahoo-Mp3Tube);
user_pref(browser.search.defaultenginename, Yahoo-Mp3Tube);
user_pref(browser.search.order.1, Yahoo-Mp3Tube);
user_pref(browser.search.selectedEngine, Yahoo-Mp3Tube);
user_pref(browser.search.selectedEngineURL, http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=d3a5dc6a9f3c4294a3290c5ca86033ed&subid=&Keywords={searchTerms});

user_pref(browser.startup.homepage, http://start.iplay.com/?o=shp
FF - plugin: c:\documents and settings\jesse\local settings\application data\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Audiovox Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-7 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-7 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-2 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-7 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-7 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-7 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-7 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-7 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-7 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-7 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-7 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-7 88544]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-11-29 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-7 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-7 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-7 84264]
.
=============== Created Last 30 ================
.
2100-02-08 23:03:54 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2011-02-13 23:04:21 -------- d-----w- c:\program files\FamilySearch Indexing
.
==================== Find3M ====================
.
2011-02-10 06:09:20 135168 --sha-r- c:\windows\system32\msdbg2Y.dll
2011-02-05 00:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 00:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2001-05-08 23:36:42 114688 ----a-w- c:\program files\lxarscan.dll
.
============= FINISH: 13:53:00.00 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/28/2007 11:15:32 PM
System Uptime: 3/13/2011 1:10:33 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1861/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 173.863 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2/10/2011 2:22:15 AM - System Checkpoint
RP2: 2/11/2011 2:47:33 AM - System Checkpoint
RP3: 2/12/2011 3:09:08 PM - System Checkpoint
RP4: 2/13/2011 3:33:21 PM - System Checkpoint
RP5: 2/14/2011 4:44:56 PM - System Checkpoint
RP6: 2/15/2011 5:05:26 PM - System Checkpoint
RP7: 2/16/2011 5:35:34 PM - System Checkpoint
RP8: 2/17/2011 6:03:03 PM - System Checkpoint
RP9: 2/18/2011 6:39:42 PM - System Checkpoint
RP10: 2/20/2011 3:21:49 PM - System Checkpoint
RP11: 2/21/2011 3:43:42 PM - System Checkpoint
RP12: 2/22/2011 4:25:14 PM - System Checkpoint
RP13: 2/23/2011 4:57:02 PM - System Checkpoint
RP14: 2/24/2011 5:09:52 PM - System Checkpoint
RP15: 2/25/2011 5:57:07 PM - System Checkpoint
RP16: 2/26/2011 6:58:11 PM - System Checkpoint
RP17: 2/27/2011 7:57:08 PM - System Checkpoint
RP18: 2/28/2011 8:43:27 PM - System Checkpoint
RP19: 3/1/2011 8:57:00 PM - System Checkpoint
RP20: 3/2/2011 3:00:16 AM - Software Distribution Service 3.0
RP21: 3/3/2011 9:30:42 AM - System Checkpoint
RP22: 3/3/2011 10:45:53 PM - Installed TurboTax 2010 wrapper
RP23: 3/3/2011 10:53:19 PM - Installed TurboTax 2010 waziper
RP24: 3/5/2011 9:57:47 AM - System Checkpoint
RP25: 3/6/2011 10:16:30 AM - System Checkpoint
RP26: 3/7/2011 2:32:38 PM - System Checkpoint
RP27: 3/8/2011 3:37:48 PM - System Checkpoint
RP28: 3/8/2011 10:41:29 PM - Software Distribution Service 3.0
RP29: 3/9/2011 11:16:40 AM - Installed Java(TM) 6 Update 24
RP30: 3/10/2011 11:48:26 AM - System Checkpoint
RP31: 3/11/2011 12:28:12 PM - System Checkpoint
RP32: 3/12/2011 12:47:13 PM - System Checkpoint
RP33: 3/13/2011 1:35:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
A+ Spanish
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Amazon Kindle For PC
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
Audit Support Center 1.0
Banctec Service Agreement
Bing Maps 3D
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Blackhawk Striker 2
Blasterball 2
Bonjour
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copy
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell CinePlayer
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DocProc
DocProcQFolder
Documentation & Support Launcher
EducateU
ESPNMotion
eSupportQFolder
FamilySearch Indexing
FamilySearch Indexing 3.7.8
Free DVD Decrypter version 1.3
Free DVD Video Burner version 1.1
Games, Music, & Photos Launcher
Google Desktop
Google Toolbar for Internet Explorer
GoToMeeting 4.1.0.366
GPBaseService
GPBaseService2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Driver Diagnostics
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
iSEEK AnswerWorks English Runtime
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MarketResearch
McAfee Total Protection
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic Edition 2003
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6)
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OCR Software by I.R.I.S. 10.0
OpenDNS Updater 2.2.1
PanoStandAlone
Pod to PC 3.231
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Roxio DLA
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio Update Manager
Safari
Scan
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Encoders
Spelling Dictionaries Support For Adobe Reader 8
Status
Switch Sound File Converter
Toolbox
TrayApp
Turbo Tax Audit Support Center 3.0
TurboTax 2009
TurboTax 2009 waziper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 waziper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe 2007
Uninstall 1.0.0.1
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VideoToolkit01
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Word Riot Deluxe
Yahoo! BrowserPlus 2.9.2
Yahoo! Music Jukebox
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/7/2011 8:19:21 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/7/2011 8:19:06 AM, error: Service Control Manager [7000] - The Lexmark X73 MFP Scanner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/13/2011 1:11:41 PM, error: System Error [1003] - Error code 0000000a, parameter1 00461000, parameter2 0000001c, parameter3 00000000, parameter4 806163cf.
3/12/2011 10:14:15 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:15 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:15 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:15 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:15 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:15 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:13 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:13 PM, error: Service Control Manager [7034] - The Intel(R) Quick Resume technology service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:12 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:11 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:11 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:11 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:11 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2011 10:14:10 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 10:14:10 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
RK Unhooker LE report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0DD000 C:\WINDOWS\System32\ati3duag.dll 2756608 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF37E000 C:\WINDOWS\System32\ativvaxx.dll 1753088 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB9206000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1642496 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xA4190000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC)
0xB9017000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0x9B4F3000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 749568 bytes
0xB9E6C000 iaStor.sys 749568 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB8F70000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D10000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA3F36000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8E37000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9DDD000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xA407C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x98C9B000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB8EC5000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xBF52A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 286720 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF09B000 C:\WINDOWS\System32\atikvmag.dll 270336 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0x98F9B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB91B9000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 233472 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB9139000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB8E95000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x991BC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CE3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x96FA3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA3FA6000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB916D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA3FF3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA4056000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8F10000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xA416C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9195000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9116000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x97BDF000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA3FD1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E4C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CC9000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x994C5000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DB0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8F45000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x994DD000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0x994AF000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DC7000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x9740A000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x9944A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8F5C000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB91F2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA40D5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA401B000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB9D9D000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E3A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8F34000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9B9AF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9523000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB4C03000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB9513000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4368000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB4C13000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB465C000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB94F3000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x98523000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB4BB3000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9503000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0x976B1000 C:\WINDOWS\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB94E3000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB7A7D000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB4C43000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA308000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB46CC000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9533000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB4BD3000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9811D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB4BE3000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA368000 C:\WINDOWS\system32\DRIVERS\ELacpi.sys 32768 bytes (Intel Corporation, -)
0xBA358000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB4AEA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB4AE2000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA350000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9B7C8000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB4F98000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA340000 C:\DOCUME~1\Jesse\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA388000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xB4618000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB4608000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB4FA0000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA360000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB4610000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xBA390000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA448000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA348000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB4F90000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB4AF2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA378000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA380000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA370000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9BC6F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA4036000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA0944000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA42B8000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xB4479000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9C50000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB9C54000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA42AC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA42BC000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0x9B60F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB4485000 C:\WINDOWS\System32\Drivers\Elhid.sys 12288 bytes (Intel Corporation, -)
0xB4CE6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB5810000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0x98C87000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB4481000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9397000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB4D02000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA612000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA64A000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA66A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA61E000 C:\WINDOWS\System32\Drivers\Elkbd.sys 8192 bytes (Intel Corporation, -)
0xBA61C000 C:\WINDOWS\System32\Drivers\Elmon.sys 8192 bytes (Intel Corporation, -)
0xBA61A000 C:\WINDOWS\System32\Drivers\Elmou.sys 8192 bytes (Intel Corporation, -)
0xBA610000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA614000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA616000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA64C000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA650000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA60C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA76A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0x9BD32000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xA367B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB4756000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
0x054E0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 126976 bytes
0x03A50000 Hidden Image-->System.XML.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 2060288 bytes
0x045D0000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 266240 bytes
0x04360000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 270336 bytes
0x01080000 Hidden Image-->log4net.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 282624 bytes
0x03CB0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x89BCFDA0 ] PID: 988, 28672 bytes
0x04030000 Hidden Image-->System.Data.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 2961408 bytes
0x04B20000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 307200 bytes
0x03430000 Hidden Image-->System.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 3190784 bytes
0x053E0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 421888 bytes
0x03270000 Hidden Image-->System.configuration.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 438272 bytes
0x03C90000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x89BCFDA0 ] PID: 988, 45056 bytes
0x043D0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 479232 bytes
0x04D80000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 5033984 bytes
0x98415730 Unknown thread object [ ETHREAD 0x897EEB30 ] , 600 bytes
0x9744B730 Unknown thread object [ ETHREAD 0x88F17888 ] , 600 bytes
0x9744B730 Unknown thread object [ ETHREAD 0x89AFB020 ] , 600 bytes
0x052D0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x88E926B8 ] PID: 2156, 634880 bytes
0x02F00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x89BCFDA0 ] PID: 988, 77824 bytes
0x03F50000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x88E926B8 ] PID: 2156, 872448 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combo Fix log

ComboFix 11-03-12.01 - Jesse 03/13/2011 16:59:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1410 [GMT -7:00]
Running from: c:\documents and settings\Jesse\Desktop\Desktop Programs\Cleanup Programs\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jesse\g2mdlhlpx.exe
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2100-02-08 23:03 . 2001-05-11 18:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2011-02-14 20:12 . 2011-02-14 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-13 23:04 . 2011-02-13 23:04 -------- d-----w- c:\program files\FamilySearch Indexing
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 00:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 00:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 04:40 . 2010-06-18 04:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19 . 2009-06-21 22:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-19 06:40 . 2011-01-19 06:40 53248 ----a-r- c:\documents and settings\Jesse\Application Data\Microsoft\Installer\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}\ARPPRODUCTICON.exe
2011-01-07 14:09 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-08-16 10:18 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 01:09 . 2010-10-05 01:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 01:08 . 2010-10-05 01:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2005-08-16 10:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2001-05-08 23:36 . 2000-12-05 22:56 114688 ----a-w- c:\program files\lxarscan.dll
2010-07-08 21:21 . 2010-07-08 21:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 05:28 . 2010-08-07 10:51 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-29 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 18:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 07:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-08 21:21 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2006-11-14 20:22 121640 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
2009-07-01 19:22 5668864 ----a-w- c:\program files\NoteBurner\VTBurnerGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2010-06-16 21:42 839680 ----a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-22 05:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/7/2010 3:51 AM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/2/2008 3:24 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/7/2010 3:51 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/7/2010 3:51 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/7/2010 3:51 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/7/2010 3:51 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/7/2010 3:51 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/7/2010 3:51 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/7/2010 3:51 AM 88544]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/29/2006 4:24 PM 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/7/2010 3:51 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/7/2010 3:51 AM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-03-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{FA8589CB-21C9-4977-9BA4-098E6AF19663}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://freedomexplosion.acnrep.com/l_index.asp?CO_LA=US_EN
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\vyxdwhji.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1284357684);
user_pref(app.update.lastUpdateTime.background-update-timer, 1284357890);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1284357876);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1284357766);
user_pref(app.update.lastUpdateTime.places-maintenance-timer, 1284357420);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1284357571);
user_pref(browser.anchor_color, #0000FF);
user_pref(browser.display.background_color, #C0C0C0);
user_pref(browser.display.use_system_colors, true);
user_pref(browser.download.manager.showAlertOnComplete, false);
user_pref(browser.formfill.enable, false);
user_pref(browser.migration.version, 1);
user_pref(browser.places.smartBookmarksVersion, 2);
user_pref(browser.rights.3.shown, true);
user_pref(browser.search.defaultengine, Ask.com);
user_pref(browser.search.defaultenginename, Web Search);
user_pref(browser.search.order.1, Ask.com);
FF - prefs.js: browser.search.selectedEngine - Web Search);
user_pref(browser.search.useDBForOrder, true);
user_pref(browser.shell.checkDefaultBrowser, false);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.2);
user_pref(browser.visited_color, #800080);
user_pref(extensions.asktb.cbid, WS);
user_pref(extensions.asktb.default-channel-url-mask, http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc});
user_pref(extensions.asktb.fresh-install, false);
user_pref(extensions.asktb.l, dis);
user_pref(extensions.asktb.last-config-req, 1284356433012);
user_pref(extensions.asktb.locale, en_US);
user_pref(extensions.asktb.o, 14556);
user_pref(extensions.asktb.overlay-reloaded-using-restart, true);
user_pref(extensions.asktb.qsrc, 2871);
user_pref(extensions.asktb.r, 2);
user_pref(extensions.asktb.search-plugin-suggestions-url, http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms});
user_pref(extensions.asktb.search-suggestions-enabled, true);
user_pref(extensions.asktb.search-suggestions-uri, http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms});
user_pref(extensions.enabledItems, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,jqs@sun.com:1.0,{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19,toolbar@ask.com:3.5.0.145,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6);
user_pref(extensions.lastAppVersion, 3.6);
user_pref(extensions.update.notifyUser, false);
user_pref(general.useragent.extra.microsoftdotnet, ( .NET CLR 3.5.30729));
user_pref(idle.lastDailyNotification, 1264999365);
user_pref(intl.accept_languages, en-us);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(keyword.URL, http://search.yahoo.com/search?fr=mcafee&p=);
user_pref(microsoft.CLR.auto_install, false);
user_pref(network.cookie.prefsMigrated, true);
user_pref(places.last_vacuum, 1264999365);
user_pref(print.printer_HP_Photosmart_C4400_series.print_scaling, 0.40);
user_pref(print.printer_HP_Photosmart_C4400_series.print_shrink_to_fit, false);
user_pref(privacy.sanitize.migrateFx3Prefs, true);
user_pref(security.enable_ssl2, true);
user_pref(security.enable_tls, false);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1286948437);
user_pref(xpinstall.whitelist.add, );
user_pref(xpinstall.whitelist.add.36, );


user_pref(browser.search.defaultengine, Yahoo-Mp3Tube);
user_pref(browser.search.defaultenginename, Yahoo-Mp3Tube);
user_pref(browser.search.order.1, Yahoo-Mp3Tube);
user_pref(browser.search.selectedEngine, Yahoo-Mp3Tube);
user_pref(browser.search.selectedEngineURL, http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=d3a5dc6a9f3c4294a3290c5ca86033ed&subid=&Keywords={searchTerms});

user_pref(browser.startup.homepage, http://start.iplay.com/?o=shp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Audiovox Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
HKLM-Run-Easy Dock - (no file)
MSConfigStartUp-Easy Dock - c:\documents and settings\Jesse\My Documents\RCA easyRip\EZDock.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe
AddRemove-Free DVD Decrypter_is1 - c:\program files\DVDVideoSoft\Free DVD Decrypter\unins000.exe
AddRemove-Free DVD Video Burner_is1 - c:\program files\DVDVideoSoft\Free DVD Video Burner\unins000.exe
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
c:\program files\Common Files\McAfee\SystemCore\ScriptSn.20101103083312.dll
c:\windows\system32\JScript.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-03-13 17:30:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 00:30
.
Pre-Run: 186,659,876,864 bytes free
Post-Run: 186,531,852,288 bytes free
.
- - End Of File - - 4C81F776D2554D911C6D5094CFBBB359
 
How is redirection?

Uninstall Ask Toolbar, known foistware.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller report

Still redirecting...

2011/03/13 18:41:14.0093 5860 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/13 18:41:14.0812 5860 ================================================================================
2011/03/13 18:41:14.0812 5860 SystemInfo:
2011/03/13 18:41:14.0812 5860
2011/03/13 18:41:14.0812 5860 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/13 18:41:14.0812 5860 Product type: Workstation
2011/03/13 18:41:14.0812 5860 ComputerName: HOME
2011/03/13 18:41:14.0812 5860 UserName: Jesse
2011/03/13 18:41:14.0812 5860 Windows directory: C:\WINDOWS
2011/03/13 18:41:14.0812 5860 System windows directory: C:\WINDOWS
2011/03/13 18:41:14.0812 5860 Processor architecture: Intel x86
2011/03/13 18:41:14.0812 5860 Number of processors: 2
2011/03/13 18:41:14.0812 5860 Page size: 0x1000
2011/03/13 18:41:14.0812 5860 Boot type: Normal boot
2011/03/13 18:41:14.0812 5860 ================================================================================
2011/03/13 18:41:14.0968 5860 Initialize success
2011/03/13 18:41:19.0171 4516 ================================================================================
2011/03/13 18:41:19.0171 4516 Scan started
2011/03/13 18:41:19.0171 4516 Mode: Manual;
2011/03/13 18:41:19.0171 4516 ================================================================================
2011/03/13 18:41:19.0734 4516 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/13 18:41:19.0906 4516 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/13 18:41:19.0937 4516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/13 18:41:20.0000 4516 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/13 18:41:20.0109 4516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/13 18:41:20.0156 4516 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/13 18:41:20.0187 4516 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/13 18:41:20.0265 4516 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/13 18:41:20.0328 4516 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/13 18:41:20.0421 4516 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/13 18:41:20.0484 4516 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/13 18:41:20.0562 4516 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/13 18:41:20.0656 4516 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/13 18:41:20.0718 4516 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/13 18:41:20.0781 4516 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/13 18:41:20.0859 4516 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/13 18:41:20.0953 4516 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/13 18:41:21.0031 4516 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/13 18:41:21.0140 4516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/13 18:41:21.0203 4516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/13 18:41:21.0359 4516 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/13 18:41:21.0484 4516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/13 18:41:21.0562 4516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/13 18:41:21.0609 4516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/13 18:41:21.0671 4516 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/13 18:41:21.0687 4516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/13 18:41:21.0734 4516 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/13 18:41:21.0796 4516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/13 18:41:21.0843 4516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/13 18:41:21.0875 4516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/13 18:41:21.0921 4516 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/03/13 18:41:22.0046 4516 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/13 18:41:22.0125 4516 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/13 18:41:22.0203 4516 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/13 18:41:22.0281 4516 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/13 18:41:22.0390 4516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/13 18:41:22.0437 4516 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/03/13 18:41:22.0484 4516 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/03/13 18:41:22.0531 4516 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/03/13 18:41:22.0671 4516 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/03/13 18:41:22.0687 4516 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/03/13 18:41:22.0750 4516 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/03/13 18:41:22.0906 4516 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/03/13 18:41:22.0953 4516 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/03/13 18:41:22.0984 4516 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/03/13 18:41:23.0140 4516 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/13 18:41:23.0218 4516 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/13 18:41:23.0234 4516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/13 18:41:23.0250 4516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/13 18:41:23.0296 4516 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/13 18:41:23.0328 4516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/13 18:41:23.0390 4516 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/03/13 18:41:23.0406 4516 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/03/13 18:41:23.0500 4516 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/03/13 18:41:23.0671 4516 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/13 18:41:23.0781 4516 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/03/13 18:41:24.0031 4516 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
2011/03/13 18:41:24.0156 4516 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
2011/03/13 18:41:24.0250 4516 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
2011/03/13 18:41:24.0343 4516 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
2011/03/13 18:41:24.0484 4516 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
2011/03/13 18:41:24.0609 4516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/13 18:41:24.0671 4516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/13 18:41:24.0734 4516 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/13 18:41:24.0765 4516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/13 18:41:24.0812 4516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/13 18:41:24.0859 4516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/13 18:41:24.0921 4516 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/13 18:41:24.0968 4516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/13 18:41:25.0093 4516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/13 18:41:25.0156 4516 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/13 18:41:25.0187 4516 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/13 18:41:25.0234 4516 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/13 18:41:25.0343 4516 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/13 18:41:25.0515 4516 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/13 18:41:25.0640 4516 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/13 18:41:25.0781 4516 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/03/13 18:41:25.0906 4516 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/13 18:41:26.0062 4516 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/13 18:41:26.0109 4516 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/13 18:41:26.0140 4516 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/13 18:41:26.0187 4516 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/13 18:41:26.0265 4516 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/03/13 18:41:26.0296 4516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/13 18:41:26.0343 4516 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/13 18:41:26.0531 4516 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/13 18:41:26.0593 4516 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/13 18:41:26.0625 4516 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/13 18:41:26.0671 4516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/13 18:41:26.0718 4516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/13 18:41:26.0765 4516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/13 18:41:26.0828 4516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/13 18:41:26.0890 4516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/13 18:41:26.0921 4516 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/13 18:41:26.0953 4516 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/13 18:41:26.0968 4516 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/13 18:41:27.0000 4516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/13 18:41:27.0078 4516 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/13 18:41:27.0140 4516 LXARScan (e8d15acd2f65a2e8756768353e08a9a0) C:\WINDOWS\system32\Drivers\Lxarscan.sys
2011/03/13 18:41:27.0328 4516 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/13 18:41:27.0468 4516 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/03/13 18:41:27.0593 4516 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/03/13 18:41:27.0828 4516 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/03/13 18:41:27.0953 4516 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/03/13 18:41:28.0093 4516 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/03/13 18:41:28.0125 4516 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/13 18:41:28.0218 4516 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/13 18:41:28.0250 4516 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/03/13 18:41:28.0359 4516 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/03/13 18:41:28.0546 4516 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/03/13 18:41:28.0703 4516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/13 18:41:28.0750 4516 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/13 18:41:28.0781 4516 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/13 18:41:28.0859 4516 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/13 18:41:28.0906 4516 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/13 18:41:28.0953 4516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/13 18:41:29.0015 4516 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/13 18:41:29.0156 4516 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/13 18:41:29.0187 4516 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/13 18:41:29.0218 4516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/13 18:41:29.0250 4516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/13 18:41:29.0281 4516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/13 18:41:29.0328 4516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/13 18:41:29.0375 4516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/13 18:41:29.0406 4516 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/13 18:41:29.0437 4516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/13 18:41:29.0453 4516 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/13 18:41:29.0484 4516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/13 18:41:29.0515 4516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/13 18:41:29.0578 4516 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/13 18:41:29.0609 4516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/13 18:41:29.0640 4516 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/13 18:41:29.0687 4516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/13 18:41:29.0718 4516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/13 18:41:29.0796 4516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/13 18:41:29.0875 4516 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/13 18:41:30.0031 4516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/13 18:41:30.0062 4516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/13 18:41:30.0156 4516 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/13 18:41:30.0218 4516 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/13 18:41:30.0250 4516 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/13 18:41:30.0265 4516 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/13 18:41:30.0296 4516 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/13 18:41:30.0359 4516 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/13 18:41:30.0531 4516 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/13 18:41:30.0703 4516 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/13 18:41:30.0765 4516 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/13 18:41:30.0796 4516 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/13 18:41:30.0828 4516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/13 18:41:30.0875 4516 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/13 18:41:30.0906 4516 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/13 18:41:30.0953 4516 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/13 18:41:30.0984 4516 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/13 18:41:31.0000 4516 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/13 18:41:31.0031 4516 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/13 18:41:31.0062 4516 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/13 18:41:31.0093 4516 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/13 18:41:31.0125 4516 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/13 18:41:31.0171 4516 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/13 18:41:31.0187 4516 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/13 18:41:31.0218 4516 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/13 18:41:31.0265 4516 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/13 18:41:31.0296 4516 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/13 18:41:31.0328 4516 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/13 18:41:31.0375 4516 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/03/13 18:41:31.0484 4516 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/03/13 18:41:31.0640 4516 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/13 18:41:31.0750 4516 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/13 18:41:31.0781 4516 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/13 18:41:31.0843 4516 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/13 18:41:31.0890 4516 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/13 18:41:31.0953 4516 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/13 18:41:32.0031 4516 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/13 18:41:32.0062 4516 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/13 18:41:32.0109 4516 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/13 18:41:32.0125 4516 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/13 18:41:32.0218 4516 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/03/13 18:41:32.0406 4516 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/13 18:41:32.0437 4516 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/13 18:41:32.0500 4516 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/13 18:41:32.0578 4516 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/13 18:41:32.0734 4516 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/13 18:41:32.0796 4516 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/13 18:41:32.0875 4516 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/13 18:41:32.0921 4516 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/13 18:41:32.0984 4516 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/13 18:41:33.0015 4516 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/13 18:41:33.0031 4516 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/13 18:41:33.0109 4516 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/13 18:41:33.0203 4516 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/13 18:41:33.0250 4516 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/13 18:41:33.0390 4516 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/13 18:41:33.0453 4516 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/13 18:41:33.0656 4516 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/13 18:41:33.0703 4516 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/13 18:41:33.0750 4516 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/13 18:41:33.0781 4516 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/13 18:41:33.0812 4516 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/13 18:41:33.0828 4516 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/13 18:41:33.0875 4516 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/13 18:41:33.0921 4516 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/13 18:41:33.0968 4516 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/13 18:41:34.0015 4516 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/13 18:41:34.0062 4516 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/13 18:41:34.0093 4516 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/13 18:41:34.0171 4516 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/03/13 18:41:34.0515 4516 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/13 18:41:34.0625 4516 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/13 18:41:34.0734 4516 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/03/13 18:41:34.0781 4516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/13 18:41:34.0812 4516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/13 18:41:34.0875 4516 ================================================================================
2011/03/13 18:41:34.0875 4516 Scan finished
2011/03/13 18:41:34.0875 4516 ================================================================================
 
That's clean.

Which browser is getting redirected?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
MBR Check & OTL logs

I am using Google.

I hope I didn't screw up... I checked the Scan All box, but I hit the Clean Up button after I pasted the info. Once it ran, I hit the Quick Scan button...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000011c

Kernel Drivers (total 152):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA328000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9E6C000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4C000 fltmgr.sys
0xB9E3A000 sr.sys
0xB9DDD000 mfehidk.sys
0xB9DC7000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DB0000 KSecDD.sys
0xB9D9D000 WudfPf.sys
0xB9D10000 Ntfs.sys
0xB9CE3000 NDIS.sys
0xB9CC9000 Mup.sys
0xB967E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9294000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9280000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9247000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA458000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9223000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB91FB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB91C7000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB91A4000 \SystemRoot\system32\DRIVERS\ks.sys
0xB90A5000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8FFE000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA468000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA5FA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB966E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB965E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA470000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB964E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA478000 \SystemRoot\system32\DRIVERS\ELacpi.sys
0xBA73B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8FEA000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA5FC000 \SystemRoot\System32\Drivers\RootMdm.sys
0xB963E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB942D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8FD3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB962E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB961E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8FC2000 \SystemRoot\system32\DRIVERS\psched.sys
0xB960E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8F9E000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB8F53000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA488000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA490000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA498000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB8F23000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA298000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA600000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8EC5000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C90000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9C8C000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xB82EA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB7890000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA64E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA66C1000 \SystemRoot\system32\drivers\sthda.sys
0xA669D000 \SystemRoot\system32\drivers\portcls.sys
0xB7870000 \SystemRoot\system32\drivers\drmk.sys
0xB88B3000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA654000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB6B8A000 \SystemRoot\System32\Drivers\Null.SYS
0xBA656000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA450000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB808A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8082000 \SystemRoot\System32\drivers\vga.sys
0xBA658000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA65A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8072000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB806A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB88A7000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA65E1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA6588000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA6575000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xA654F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA6527000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6BB2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA6505000 \SystemRoot\System32\drivers\afd.sys
0xB6891000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA64DA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA646A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB6831000 \SystemRoot\System32\Drivers\Fips.SYS
0xA667D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA3379000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA6679000 \??\C:\WINDOWS\System32\Drivers\Elhid.sys
0xA30FD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA5E4000 \??\C:\WINDOWS\System32\Drivers\Elmou.sys
0xBA5E6000 \??\C:\WINDOWS\System32\Drivers\Elmon.sys
0xBA5E8000 \??\C:\WINDOWS\System32\Drivers\Elkbd.sys
0x9CF3B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9CF33000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9CF2F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9C82B000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9C823000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0x9C81B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9C786000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0x9CF2B000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0x9C766000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9B1B8000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9BE0B000 \SystemRoot\System32\drivers\Dxapi.sys
0x9BD1C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA2D31000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09B000 \SystemRoot\System32\atikvmag.dll
0xBF0DD000 \SystemRoot\System32\ati3duag.dll
0xBF37E000 \SystemRoot\System32\ativvaxx.dll
0xBF52A000 \SystemRoot\System32\ATMFD.DLL
0xBA1D8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xA34E8000 \SystemRoot\System32\DLA\DLADResN.SYS
0x991A2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA06F2000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x9B277000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA3B0000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x9918A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x99174000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x9B3F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x990F7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x99066000 \SystemRoot\System32\Drivers\HTTP.sys
0x98F96000 \SystemRoot\system32\DRIVERS\srv.sys
0x98F36000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x98C26000 \SystemRoot\system32\drivers\cfwids.sys
0xBA400000 \SystemRoot\System32\Drivers\TDTCP.SYS
0x9858E000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x98579000 \SystemRoot\system32\drivers\wdmaud.sys
0x98C96000 \SystemRoot\system32\drivers\sysaudio.sys
0x9C803000 \??\C:\ComboFix\catchme.sys
0xBA5AE000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x96398000 \SystemRoot\system32\drivers\mfeapfk.sys
0x966E8000 \SystemRoot\system32\drivers\mfebopk.sys
0x9636D000 \SystemRoot\system32\drivers\kmixer.sys
0x962D8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
996 C:\WINDOWS\system32\smss.exe
1052 csrss.exe
1080 C:\WINDOWS\system32\winlogon.exe
1124 C:\WINDOWS\system32\services.exe
1136 C:\WINDOWS\system32\lsass.exe
1344 C:\WINDOWS\system32\ati2evxx.exe
1360 C:\WINDOWS\system32\svchost.exe
1452 svchost.exe
1576 C:\WINDOWS\system32\svchost.exe
1620 C:\WINDOWS\system32\svchost.exe
1708 svchost.exe
1772 svchost.exe
2028 C:\WINDOWS\system32\LEXBCES.EXE
180 C:\WINDOWS\system32\spoolsv.exe
184 C:\WINDOWS\system32\rundll32.exe
400 svchost.exe
444 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
460 C:\Program Files\Bonjour\mDNSResponder.exe
536 C:\WINDOWS\ehome\ehrecvr.exe
576 C:\WINDOWS\ehome\ehSched.exe
608 C:\WINDOWS\system32\svchost.exe
784 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
800 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1028 C:\Program Files\Java\jre6\bin\jqs.exe
1380 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1532 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1944 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
492 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
528 C:\WINDOWS\system32\svchost.exe
560 C:\WINDOWS\system32\svchost.exe
904 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
988 svchost.exe
160 C:\WINDOWS\system32\svchost.exe
2108 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2212 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2264 C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
2292 mcrdsvc.exe
4092 C:\WINDOWS\system32\dllhost.exe
2320 alg.exe
1764 C:\WINDOWS\system32\svchost.exe
3592 C:\WINDOWS\system32\rundll32.exe
2884 C:\WINDOWS\ehome\ehtray.exe
3000 C:\WINDOWS\stsystra.exe
348 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3060 C:\WINDOWS\ehome\ehmsas.exe
3152 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3276 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2860 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1656 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
4052 C:\Program Files\McAfee.com\Agent\mcagent.exe
3812 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3820 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
3868 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2148 C:\Program Files\Digital Line Detect\DLG.exe
2576 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2080 C:\WINDOWS\system32\ctfmon.exe
1184 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1920 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3580 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
3448 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
3848 C:\WINDOWS\explorer.exe
5708 C:\Program Files\Internet Explorer\iexplore.exe
4960 C:\WINDOWS\system32\rundll32.exe
1728 C:\Documents and Settings\Jesse\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.ADH

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!


OTL logfile created on: 3/13/2011 7:04:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jesse\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 173.69 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HOME | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 18:55:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/24 09:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 06:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/01 15:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/13 18:55:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/06/01 15:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (catchme)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/07/24 09:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 14:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/09 14:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 14:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 14:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 14:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 14:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/03/08 16:57:12 | 000,018,024 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LXARScan.sys -- (LXARScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061129
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061129


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061129
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061129
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://freedomexplosion.acnrep.com/l_index.asp?CO_LA=US_EN
IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - user.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="
FF - user.js..keyword.enabled: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/28 18:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/21 18:01:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/19 21:43:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 12:31:44 | 000,000,000 | ---D | M]

[2010/01/31 19:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Extensions
[2011/03/13 18:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\vyxdwhji.default\extensions
[2010/09/12 22:40:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\vyxdwhji.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 22:40:33 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\vyxdwhji.default\searchplugins\askcom.xml
[2010/11/19 13:53:50 | 000,001,215 | ---- | M] () -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\vyxdwhji.default\searchplugins\Mp3Tube.xml
[2011/03/09 11:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/17 21:33:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 23:23:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/09 11:19:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JESSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VYXDWHJI.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JESSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VYXDWHJI.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2009/01/12 12:24:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/28 18:33:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/12 22:45:11 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/11/19 14:15:15 | 000,001,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober114065703.xml

O1 HOSTS File: ([2011/03/13 17:25:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103083312.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jesse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jesse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2100/02/08 16:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2011/03/13 18:54:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
[2011/03/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/03/13 16:47:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/13 16:42:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/04 18:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Desktop\Greeley House
[2011/03/03 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/02/13 16:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FamilySearch
[2011/02/13 16:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\FamilySearch Indexing
[2007/05/27 14:56:39 | 000,018,024 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\LXARScan.sys

========== Files - Modified Within 30 Days ==========

[2011/03/13 18:55:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
[2011/03/13 18:54:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\MBRCheck.exe
[2011/03/13 17:25:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/13 17:25:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/13 17:08:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 17:08:24 | 2145,296,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 16:52:39 | 204,513,280 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/03/13 16:47:48 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/12 21:00:16 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA8589CB-21C9-4977-9BA4-098E6AF19663}.job
[2011/03/11 17:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/09 21:09:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/09 16:35:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Jesse\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/03/08 22:42:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 16:31:25 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/03/05 08:12:33 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/23 22:53:50 | 000,023,916 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\featured001_glove.jpg
[2011/02/23 22:20:00 | 000,124,055 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\chart-unemployment-rate-education-feb-2011.jpg
[2011/02/23 22:16:39 | 000,014,362 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\scholarship.jpg
[2011/02/13 16:05:32 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Jesse\jobq.dat
[2011/02/13 16:04:43 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FamilySearch Indexing.lnk

========== Files Created - No Company Name ==========

[2100/02/23 14:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 15:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2011/03/13 18:54:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\MBRCheck.exe
[2011/03/13 16:47:48 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/03/13 16:47:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/03 22:47:54 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/02/23 22:54:19 | 000,023,916 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\featured001_glove.jpg
[2011/02/23 22:20:55 | 000,124,055 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\chart-unemployment-rate-education-feb-2011.jpg
[2011/02/23 22:17:06 | 000,014,362 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\scholarship.jpg
[2011/02/13 16:04:43 | 000,002,079 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FamilySearch Indexing.lnk
[2011/02/09 23:09:20 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\msdbg2Y.dll
[2010/10/12 20:41:53 | 000,013,009 | ---- | C] () -- C:\Documents and Settings\Jesse\Application Data\Comma Separated Values (Windows).CAL
[2010/10/12 20:40:26 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Jesse\Application Data\Comma Separated Values (Windows).ADR
[2010/10/12 20:04:49 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Jesse\Application Data\MTC-savedfolder.dat
[2010/10/05 22:50:29 | 000,063,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/23 08:20:22 | 002,488,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/21 00:08:25 | 000,001,760 | ---- | C] () -- C:\WINDOWS\EReg196.dat
[2010/04/15 14:57:26 | 000,000,190 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/04/15 12:42:32 | 000,000,201 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2010/01/31 19:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/21 18:00:39 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/24 16:56:48 | 000,077,349 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/27 22:31:07 | 000,038,465 | ---- | C] () -- C:\Documents and Settings\Jesse\Application Data\Comma Separated Values (DOS).ADR
[2009/08/10 18:33:52 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/08/09 20:53:37 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/06/18 18:08:12 | 000,116,839 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/30 12:26:52 | 000,033,061 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2008/11/13 21:24:53 | 000,157,742 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2008/11/13 21:24:53 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2008/11/02 17:01:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/26 22:50:20 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Jesse\Application Data\dvd.bmk
[2007/05/08 18:01:47 | 000,108,544 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/31 21:53:08 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/28 23:21:57 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\153D4F8AFC.sys
[2007/02/28 23:21:56 | 000,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/28 23:15:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat
[2006/11/29 16:31:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/29 16:23:39 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/29 16:20:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/29 16:16:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
[2006/11/29 15:56:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/29 15:56:05 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/29 15:54:57 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,299,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,445,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,073,036 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/29 17:42:30 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/07/20 10:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2001/01/18 15:55:22 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\Ptlic32.exe
[2000/12/05 15:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/01/11 12:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
 
OTL Continued...

========== LOP Check ==========

[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/01/01 16:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/11/19 14:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2007/04/14 12:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/08/19 08:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/12/02 14:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/02 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/04/14 12:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/29 16:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/06/10 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/17 23:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Amazon
[2009/08/09 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Blackberry Desktop
[2010/11/19 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\com.w3i.musicoasis
[2010/08/27 10:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Elluminate
[2007/07/21 21:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech
[2010/01/01 16:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\NCH Swift Sound
[2010/09/27 22:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\OpenDNS Updater
[2007/04/14 12:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Otto
[2010/11/20 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\PCDr
[2010/02/11 20:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Pogo Games
[2010/08/26 07:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Research In Motion
[2008/11/18 15:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Smith Micro
[2010/01/01 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Titanium Gears
[2010/02/11 10:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\WeatherBug
[2007/04/14 12:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\WildTangent
[2009/02/27 11:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/03/12 21:00:16 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA8589CB-21C9-4977-9BA4-098E6AF19663}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/11 06:49:43 | 000,002,010 | ---- | M] () -- C:\balance.txt
[2010/10/05 21:06:49 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/03/13 16:47:48 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/11/29 15:59:04 | 000,007,210 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/03/13 17:08:24 | 2145,296,384 | -HS- | M] () -- C:\hiberfil.sys
[2007/03/04 23:06:45 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/12 20:03:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/13 17:08:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/11/29 16:28:21 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/08/20 23:42:24 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 03:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/17 18:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2001/05/11 11:39:16 | 000,053,248 | ---- | M] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2001/07/26 16:58:46 | 000,000,047 | ---- | M] () -- C:\Program Files\ACMonitor_X73.ini
[2001/04/23 14:22:14 | 000,001,437 | ---- | M] () -- C:\Program Files\gtx73.ini
[2001/05/08 16:36:42 | 000,114,688 | ---- | M] () -- C:\Program Files\lxarscan.dll
[2001/07/05 12:46:44 | 000,008,116 | ---- | M] () -- C:\Program Files\OSLO3071b2.USB
[2001/02/22 09:54:36 | 000,000,768 | ---- | M] () -- C:\Program Files\x73_lut.dat

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/12/12 20:06:58 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2006/11/29 16:15:12 | 000,487,136 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\TRANSFORMS=1033.mst

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/02/28 23:16:00 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Jesse\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 03:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jesse\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/03/13 18:54:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\MBRCheck.exe
[2011/03/13 18:55:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/08/17 23:18:11 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jesse\My Documents\FileFormatConverters.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/02/28 23:15:59 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jesse\Favorites\Desktop.ini
[2010/01/01 16:14:29 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Jesse\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/06/07 20:14:22 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Jesse\Cookies\desktop.ini
[2011/03/13 19:06:34 | 000,311,296 | ---- | M] () -- C:\Documents and Settings\Jesse\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20A5B16A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB

< End of report >

OTL Extras logfile created on: 3/13/2011 7:04:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jesse\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 173.69 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HOME | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35D5A740-EAA2-012B-AD08-000000000000}" = TurboTax 2009 waziper
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}" = ATI Catalyst Control Center
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}" = Word Riot Deluxe
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 3.231
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 3.0
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E90F8E55-A3EE-41AF-88E3-ED2EA0ECE46C}" = TurboTax 2010 waziper
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0591-8077-9297-0833" = FamilySearch Indexing 3.7.8
"A+ Spanish" = A+ Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon Kindle For PC" = Amazon Kindle For PC
"ATI Display Driver" = ATI Display Driver
"Audit Support Center" = Audit Support Center 1.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"C0A0AA4D-C79B-48CA-8843-2B02B626C9E6" = Blackhawk Striker 2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2
"EL" = Intel(R) Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"Switch" = Switch Sound File Converter
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FamilySearch Indexing" = FamilySearch Indexing
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2011 4:17:23 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2011 4:17:29 AM | Computer Name = HOME | Source = Application Hang | ID = 1001
Description = Fault bucket -1992457646.

Error - 2/10/2011 4:29:15 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/14/2011 11:00:10 AM | Computer Name = HOME | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3372 (0xd2c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Java\jre6\bin\deploy.dll

by C:\Program Files\Java\jre6\bin\jqs.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/2/2011 6:19:52 AM | Computer Name = HOME | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3628 (0xe2c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Java\jre6\bin\deploy.dll

by C:\Program Files\Java\jre6\bin\jqs.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/2/2011 12:57:31 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2011 1:05:32 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2011 12:12:48 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2011 11:02:06 PM | Computer Name = HOME | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/12/2011 3:05:38 PM | Computer Name = HOME | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6545.5000, P3
ole32.dll, P4 5.1.2600.6010, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 3/13/2011 2:29:39 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/13/2011 2:31:00 AM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 3/13/2011 4:11:41 PM | Computer Name = HOME | Source = System Error | ID = 1003
Description = Error code 0000000a, parameter1 00461000, parameter2 0000001c, parameter3
00000000, parameter4 806163cf.

Error - 3/13/2011 4:12:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 3/13/2011 4:12:56 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/13/2011 7:54:24 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 3/13/2011 7:54:27 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/13/2011 7:56:25 PM | Computer Name = HOME | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 88052580, parameter3
00000000, parameter4 00000000.

Error - 3/13/2011 8:08:48 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 3/13/2011 8:10:08 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >
 
You didn't say:
Which browser is getting redirected?
Click to expand...
Google is not a browser.
Browser would be Internet Explorer, Firefox, Opera, Google Chrome etc....

=========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JESSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VYXDWHJI.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JESSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VYXDWHJI.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2786755192-1266608505-2825628639-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20A5B16A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
OTL Run Fix

I'm sorry... I am using Internet Explorer


All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2786755192-1266608505-2825628639-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
C:\WINDOWS\Downloaded Program Files\VE3DInstall.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:20A5B16A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jesse
->Temp folder emptied: 249192 bytes
->Temporary Internet Files folder emptied: 7581212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1308 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5007 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jesse
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03132011_193434

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDDA7.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDDB8.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDDDD.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDDEE.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDE78.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDE89.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDF13.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DFDF24.tmp not found!
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\KXGPYQYN\sh33[1].html moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\KXGPYQYN\topic162427[1].html moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\HTZ7BJM8\mail[2].txt moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\237QGFQL\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\237QGFQL\mail[2].htm moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\237QGFQL\mail[3].htm moved successfully.

Registry entries deleted on Reboot...
 
I can see, you also have Firefox installed.
Can you check, if it's getting redirected too?
 
Open Internet Explorer.
Go Tools>Internet options>Advanced tab, click on "Reset" button.
Restart IE.
Check for redirection.
 
Perfect!

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Last scans...

Here is the checkup log and there were no threats found on the ESET scan.

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee Total Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X (10.0.1)
Mozilla Firefox (3.6.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
 
Uninstall Java(TM) 6 Update 7

Update Firefox to the latest 3.6.15 version.

==========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
OTL log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jesse
->Temp folder emptied: 52657936 bytes
->Temporary Internet Files folder emptied: 46698607 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7253105 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1194 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67292 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 172152 bytes

Total Files Cleaned = 102.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jesse
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03152011_215653

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF5316.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF5327.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF534C.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF535D.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF5400.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF5411.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF546B.tmp not found!
File\Folder C:\Documents and Settings\Jesse\Local Settings\Temp\~DF547C.tmp not found!
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\R3HABFXO\crosspixel-dest[2].htm moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\R3HABFXO\topic162427-2[1].html moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\QJ8QZR4Y\mail[3].htm moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\GE4JP7ZH\mail[1].htm moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\GE4JP7ZH\mail[2].htm moved successfully.
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\GE4JP7ZH\sh33[1].html moved successfully.

Registry entries deleted on Reboot...

I will complete the remainder and follow additional directions. Be back later!
 

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni

Latest posts

Back