[RESOLVED] Broni- I need help again.

Hi Broni,

Thank you, again, for helping me with my computer, but now I need help for my sons’ computer.

I have a cable modem, that goes to a Linksys router, then to my computer, the computer that my boys share, my daughter’s computer, and a network shared wireless printer. I know nothing about setting up the network, firewalls, and setting up security software, but, the router has an enabled firewall, all computers are running McAfee anti-virus and firewall software, Webroot Spy Sweeper, CCleaner and Malwarebytes is frequently run.
I may have all of the correct security measures, but it is entirely possible that I have set up horrible settings and such, and don’t even know it.

One of my sons’ email account has started sending spoofed emails to all of his contacts. It is various online drug and internet sex site promotions and links. It has caused major embarrassment, as this material was sent to his grandparents, coaches, teachers etc.

I contacted MSN, and they instructed me to change his password, run anti-virus and maleware programs, and to run Microsoft’s Free Malicious Software Removal Tool. Nothing was discovered or removed.

I have done this, but these spoofed emails still go out. I know that they are not physically going out from their computer, as these messages do not appear in any sent folders, but his contact list is still being accessed somehow. So, as a temp fix, I deleted all of his contacts from his address book, and added a few bogus addresses. ( ex: [email protected], etc) He does still frequently receive messages from the MSN mailmasters that these messages failed to deliver, but no more mail is going to real people.

I have just now followed the steps listed in the above stickey, and here are the results:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7393

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/6/2011 12:29:50 PM
mbam-log-2011-08-06 (12-29-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 240454
Time elapsed: 1 hour(s), 30 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 14:52:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3160812AS rev.3.ADH
Running: download.exe; Driver: C:\DOCUME~1\KENHEN~1\LOCALS~1\Temp\kftcypod.sys


---- System - GMER 1.0.15 ----

SSDT 865D6AF8 ZwAllocateVirtualMemory
SSDT 86572BF8 ZwCreateKey
SSDT 8658BF30 ZwCreateProcess
SSDT 865D6FA8 ZwCreateProcessEx
SSDT 865D6DC8 ZwCreateThread
SSDT 865AC130 ZwDeleteKey
SSDT 8658BFA8 ZwDeleteValueKey
SSDT 865D6B70 ZwQueueApcThread
SSDT 865D6A08 ZwReadVirtualMemory
SSDT 865AC0B8 ZwRenameKey
SSDT 865D6C60 ZwSetContextThread
SSDT 865E7340 ZwSetInformationKey
SSDT 865D6EB8 ZwSetInformationProcess
SSDT 865D6CD8 ZwSetInformationThread
SSDT 865E72C8 ZwSetValueKey
SSDT 865D6E40 ZwSuspendProcess
SSDT 865D6BE8 ZwSuspendThread
SSDT 865D6F30 ZwTerminateProcess
SSDT 865D6D50 ZwTerminateThread
SSDT 865D6A80 ZwWriteVirtualMemory

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF736A29E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF736A1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF736A1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF736A1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF736A274]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF736A2B4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF736A288]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA1 8050453D 5 Bytes [BF, 58, 86, A8, 6F] {MOV EDI, 0x6fa88658}
.text ntkrnlpa.exe!ZwCallbackReturn + 2CB8 80504554 2 Bytes [C8, 6D]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EB4 80504750 2 Bytes [70, 6B] {JO 0x6d}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F38 805047D4 2 Bytes [60, 6C] {PUSHA ; INSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 2 Bytes [40, 6E] {INC EAX; OUTSB }
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009000A2
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0090007D
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0090006C
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900FAF
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009000B3
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900F77
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900F35
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009000CE
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00900F24
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900051
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F88
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900F50
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00039
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C0006F
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00FB2
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C00054
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[260] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\svchost.exe[260] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[260] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[260] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\svchost.exe[260] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF003A
.text C:\WINDOWS\system32\svchost.exe[260] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF001D
.text C:\WINDOWS\system32\svchost.exe[260] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[260] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[260] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00920011
.text C:\WINDOWS\system32\svchost.exe[260] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00920FB6
.text C:\WINDOWS\system32\svchost.exe[260] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\System32\svchost.exe[360] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F8001E
.text C:\WINDOWS\System32\svchost.exe[360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70FCA
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F700C9
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F700A2
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70091
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7006C
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70112
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F700F7
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70159
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F7013E
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70FAF
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70025
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F700DA
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70051
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70040
.text C:\WINDOWS\System32\svchost.exe[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70123
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F6001B
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6004A
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60F8D
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60000
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60F9E
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\System32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FB9
.text C:\WINDOWS\System32\svchost.exe[360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50FA8
.text C:\WINDOWS\System32\svchost.exe[360] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FC3
.text C:\WINDOWS\System32\svchost.exe[360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F5000C
.text C:\WINDOWS\System32\svchost.exe[360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\System32\svchost.exe[360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50029
.text C:\WINDOWS\System32\svchost.exe[360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40FE5

.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40F83
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40078
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40F9E
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40FAF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B4009F
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40F57
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400DF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B40F3C
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B40F2B
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B40051
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B40F72
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B400B0
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B7004A
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70098
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B7002F
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70014
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70087
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B70076
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7005B
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60049
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FC8
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FE3
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60038
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B6001D
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FE5
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270081
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270070
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027005F
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FA2
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270044
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F5B
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700A3
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C8
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F2F
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700E3
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FB3
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270011
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270092
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270033
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270022
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F40
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FCA
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360087
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0036001B
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FE5
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036006C
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360047
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036002C
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FB2
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FC3
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FDE
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370033
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FEF
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01A00000
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01A00025
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01A00FEF
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019F0FE5
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 019F0F44
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 019F0F55
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 019F002F
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 019F0F72
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 019F0014
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 019F0076
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 019F0065
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019F0EF8
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019F0F09
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019F00AC
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 019F0F83
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019F0FD4
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 019F0054
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 019F0FA8
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 019F0FC3
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 019F0087
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01BD0014
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01BD0F72
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01BD0FC3
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01BD0FD4
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01BD0F83
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01BD0FEF
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01BD0F9E
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DD, 89]
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01BD0025
.text C:\WINDOWS\system32\svchost.exe[772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01BC0F9E
.text C:\WINDOWS\system32\svchost.exe[772] msvcrt.dll!system 77C293C7 5 Bytes JMP 01BC0FB9
.text C:\WINDOWS\system32\svchost.exe[772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01BC0FDE
.text C:\WINDOWS\system32\svchost.exe[772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01BC0000
.text C:\WINDOWS\system32\svchost.exe[772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01BC0033
.text C:\WINDOWS\system32\svchost.exe[772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01BC0FEF
.text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01BB0FEF
.text C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01A10FE5
.text C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01A10000
.text C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01A10FCA
.text C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01A10FB9
.text C:\WINDOWS\Explorer.EXE[792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02210000
.text C:\WINDOWS\Explorer.EXE[792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02210025
.text C:\WINDOWS\Explorer.EXE[792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02210FEF
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02200000
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02200070
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02200055
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02200F87
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02200044
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02200FC7
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 022000A8
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0220008D
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02200F16
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 022000B9
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02200F05
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02200FAC
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02200011
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02200F56
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02200033
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02200022
.text C:\WINDOWS\Explorer.EXE[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02200F3B
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02540039
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02540F9E
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02540FDE
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02540FEF
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02540065
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02540000
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02540054
.text C:\WINDOWS\Explorer.EXE[792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02540FCD
.text C:\WINDOWS\Explorer.EXE[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0253004C
.text C:\WINDOWS\Explorer.EXE[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 02530FC1
.text C:\WINDOWS\Explorer.EXE[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02530027
.text C:\WINDOWS\Explorer.EXE[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02530FEF
.text C:\WINDOWS\Explorer.EXE[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02530FD2
.text C:\WINDOWS\Explorer.EXE[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0253000C
.text C:\WINDOWS\Explorer.EXE[792] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02220FEF
.text C:\WINDOWS\Explorer.EXE[792] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02220FDE
.text C:\WINDOWS\Explorer.EXE[792] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02220FCD
.text C:\WINDOWS\Explorer.EXE[792] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 02220FB2
.text C:\WINDOWS\Explorer.EXE[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02230000
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB0FC3
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB0FD4
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F30
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0F55
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA002F
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F7C
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FA8
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F04
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0040
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0082
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0067
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0093
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0F8D
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F1F
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FB9
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0EE9
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90FAF
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C9006C
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C9005B
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C9004A
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80038
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80027
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FD2
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FE3
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FB7
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C8000C
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F9B
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040086
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040069
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040058
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000400D2
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F8A
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000400F7
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F5E
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040112
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040047
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000400AB
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040036
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F6F
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50FCD
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50F97
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D50014
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50FDE
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D50054
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D50043
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FBC
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070F9C
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070027
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007000C
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FC1
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FD2
.text C:\WINDOWS\system32\services.exe[1052] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0069
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0058
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F3E
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F59
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F08
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00AB
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00BC
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0F94
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0084
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F2D
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0036
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0047
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0F94
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FE5
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CF0FAF
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EF, 88]
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0FC0
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FC8
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0053
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD002E
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FE3
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD001D
.text C:\WINDOWS\system32\lsass.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F1001B

.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F59
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F6A
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F85
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F0004E
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F0002C
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00069
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F21
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F0008E
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00EF5
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00EDA
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F0003D
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F3E
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FC0
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00F10
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F90F9E
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F90F46
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F90FAF
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F90F57
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F90F72
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [19, 89]
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F90F83
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F80FA6
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F80FC1
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F80FD2
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F80031
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F8000C
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD0014
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0FAC
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC00A1
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC007A
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC005F
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0033
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F91
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00D7
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC010F
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00F4
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0120
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC004E
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0011
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00BC
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FD1
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0022
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F76
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0FCA
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0F68
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0F83
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DC0F94
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FC, 88]
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0F8B
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0FA6
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB0FC1
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0016
.text C:\WINDOWS\system32\svchost.exe[1360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB0FD2
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 04620FEF
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04620FD4
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0462000A
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04610000
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04610071
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04610F72
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04610056
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04610F8D
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0461002F
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 04610F57
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 04610093
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 046100CB
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04610F32
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 046100DC
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04610FA8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04610FE5
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 04610082
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 04610FB9
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04610FCA
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 046100B0
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04790FAF
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04790F94
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04790000
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04790FD4
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04790051
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04790FE5
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0479002C
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04790011
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0478005F
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!system 77C293C7 5 Bytes JMP 04780FDE
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04780FEF
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0478000C
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0478004E
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04780029
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!socket 71AB4211 5 Bytes JMP 04760FEF
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0475000A
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04750FE5
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 04750025
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 04750036
.text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006E008B
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006E0FA0
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006E007A
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006E0069
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006E003D
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006E0F5E
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006E0F7B
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006E00ED
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006E00D2
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006E0F39
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006E0058
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006E00A6
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006E002C
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006E0011
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006E00C1
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006D001E
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006D0F86
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006D0FC3
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006D0FD4
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006D0039
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006D0F97
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8D, 88]
.text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006D0FA8
.text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710F7A
.text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710F95
.text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710FC1
.text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710FE3
.text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00710FA6
.text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FD2
.text C:\WINDOWS\System32\svchost.exe[1536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00820FDE
.text C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00820014
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00810FEF
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00810F66
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00810065
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00810F8D
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00810F9E
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00810036
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00810F49
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00810091
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00810F24
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008100C7
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00810F13
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00810FAF
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00810080
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0081001B
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00810FCA
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008100B6
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00850FD4
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00850F94
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00850025
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00850014
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0085005B
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00850FEF
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00850FB9
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A5, 88]
.text C:\WINDOWS\system32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00850040
.text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0084005F
.text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!system 77C293C7 5 Bytes JMP 00840044
.text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00840029
.text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00840FDE
.text C:\WINDOWS\system32\svchost.exe[1644] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00840FEF
.text C:\WINDOWS\system32\svchost.exe[1644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00830FE5
.text C:\WINDOWS\System32\svchost.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[1708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0070001B
.text C:\WINDOWS\System32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F004A
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0025
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0F57
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F0F72
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0F8D
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0F1D
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0065
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F0076
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F0EDD
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0091
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0014
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F0FDE
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0F3A
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0FC3
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0EF8
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006E0FDB
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006E007D
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006E002C
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006E001B
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006E0062
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006E0FC0
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8E, 88]
.text C:\WINDOWS\System32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006E0047
.text C:\WINDOWS\System32\svchost.exe[1708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710064
.text C:\WINDOWS\System32\svchost.exe[1708] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710049
.text C:\WINDOWS\System32\svchost.exe[1708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0071001D
.text C:\WINDOWS\System32\svchost.exe[1708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0071000C
.text C:\WINDOWS\System32\svchost.exe[1708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00710038
.text C:\WINDOWS\System32\svchost.exe[1708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FEF
.text C:\WINDOWS\System32\svchost.exe[1708] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EF0FD4
.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EF0014
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE00A8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE008D
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE007C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE005F
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE003D
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE0F6A
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE0F87
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE00E8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE0F59
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EE0F3E
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EE004E
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EE0FE5
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EE0F98
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EE002C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EE001B
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EE00CD
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01100FAF
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01100F80
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01100FCA
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01100000
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0110003D
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01100FEF
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01100022
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01100011
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010F0FB2
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!system 77C293C7 5 Bytes JMP 010F003D
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010F0018
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010F0FEF
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010F0FCD
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010F0FDE
.text C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010E000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86584FA8
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 86584FA8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 86584FA8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 86584FA8
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 86584FA8
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 865D68C0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 86584FA8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[1556] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[1556] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip 864AD758
Device \Driver\Tcpip \Device\Ip 863900A8
Device \Driver\Tcpip \Device\Ip 85BC9100
Device \Driver\Tcpip \Device\Ip 85C290C0
Device \Driver\Tcpip \Device\Ip 859FCE48

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 864AD758
Device \Driver\Tcpip \Device\Tcp 863900A8
Device \Driver\Tcpip \Device\Tcp 85BC9100
Device \Driver\Tcpip \Device\Tcp 85C290C0
Device \Driver\Tcpip \Device\Tcp 859FCE48

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Udp 864AD758
Device \Driver\Tcpip \Device\Udp 863900A8
Device \Driver\Tcpip \Device\Udp 85BC9100
Device \Driver\Tcpip \Device\Udp 85C290C0
Device \Driver\Tcpip \Device\Udp 859FCE48

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 864AD758
Device \Driver\Tcpip \Device\RawIp 863900A8
Device \Driver\Tcpip \Device\RawIp 85BC9100
Device \Driver\Tcpip \Device\RawIp 85C290C0
Device \Driver\Tcpip \Device\RawIp 859FCE48

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 864AD758
Device \Driver\Tcpip \Device\IPMULTICAST 863900A8
Device \Driver\Tcpip \Device\IPMULTICAST 85BC9100
Device \Driver\Tcpip \Device\IPMULTICAST 85C290C0
Device \Driver\Tcpip \Device\IPMULTICAST 859FCE48

---- Threads - GMER 1.0.15 ----

Thread System [4:220] A8FEE730

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 15:17:35
-----------------------------
15:17:35.718 OS Version: Windows 5.1.2600 Service Pack 3
15:17:35.718 Number of processors: 2 586 0x407
15:17:35.718 ComputerName: DELL-5150 UserName:
15:17:36.140 Initialize success
15:17:44.468 AVAST engine defs: 11080601
15:17:48.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:17:48.437 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
15:17:50.484 Disk 0 MBR read successfully
15:17:50.484 Disk 0 MBR scan
15:17:50.531 Disk 0 Windows XP default MBR code
15:17:50.546 Disk 0 scanning sectors +312496380
15:17:50.765 Disk 0 scanning C:\WINDOWS\system32\drivers
15:18:28.953 Service scanning
15:18:30.109 Modules scanning
15:19:08.968 Disk 0 trace - called modules:
15:19:09.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:19:09.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865c5ab8]
15:19:09.000 3 CLASSPNP.SYS[f761efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x865c9d98]
15:19:09.343 AVAST engine scan C:\WINDOWS
15:19:43.515 AVAST engine scan C:\WINDOWS\system32
15:25:40.640 AVAST engine scan C:\WINDOWS\system32\drivers
15:26:47.343 AVAST engine scan C:\Documents and Settings\Ken Henrikson
16:04:53.281 AVAST engine scan C:\Documents and Settings\All Users
16:18:22.984 Scan finished successfully
17:00:30.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ken Henrikson\Desktop\hogan virus\MBR.dat"
17:00:30.984 The log file has been saved successfully to "C:\Documents and Settings\Ken Henrikson\Desktop\hogan virus\aswMBR.txt"


--------------------------------------------------------------------------

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ken Henrikson at 17:01:12 on 2011-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.362 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110512213408.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299460619250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299546424625
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
TCP: Interfaces\{53099178-EF77-46B8-9EF1-82B6AA7833A2} : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2011-3-22 29832]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-6 84200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-6 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-6 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-6 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-6 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-6 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-6 141792]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2011-3-6 61529]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2011-3-22 4048256]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2011-7-30 1201656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-6 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-6 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-6 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-6 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-6 88736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-6 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-6 84488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-06 00:12:57 -------- d-----w- c:\documents and settings\ken henrikson\local settings\application data\SCE
2011-08-06 00:09:47 -------- d-----w- c:\program files\Sony Online Entertainment
2011-08-06 00:09:45 -------- d-----w- c:\documents and settings\ken henrikson\application data\Sony Online Entertainment
2011-08-02 23:02:00 -------- d-----w- c:\documents and settings\ken henrikson\local settings\application data\Temp
2011-08-02 00:58:44 -------- d-----w- c:\documents and settings\all users\application data\MSNDynFiles
2011-07-30 17:14:25 1563024 ----a-w- c:\windows\WRSetup.dll
2011-07-30 17:14:24 -------- d-----w- c:\program files\Webroot
2011-07-30 17:14:24 -------- d-----w- c:\documents and settings\ken henrikson\application data\Webroot
2011-07-30 17:14:24 -------- d-----w- c:\documents and settings\all users\application data\Webroot
2011-07-30 04:16:07 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-07-30 04:16:06 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-07-30 04:16:04 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-30 04:15:59 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-07-30 04:15:26 -------- d-----w- c:\program files\Heroes of Newerth
2011-07-29 21:44:49 -------- d-----w- c:\program files\KingsIsle Entertainment
2011-07-28 23:11:01 -------- d-----w- c:\program files\Disney
2011-07-12 01:26:08 389120 ----a-w- c:\program files\msn\msncorefiles\msndynfiles\txsrvc.dll
2011-07-12 01:25:16 476672 ----a-w- c:\program files\msn\msncorefiles\msndynfiles\unicows.dll
2011-07-08 23:57:24 -------- d-----w- c:\documents and settings\ken henrikson\local settings\application data\Google
2011-07-08 23:56:45 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 00:30:30 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-17 00:30:07 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-17 00:30:07 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-14 20:37:48 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:02:25.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2011 6:49:31 PM
System Uptime: 8/6/2011 10:40:13 AM (7 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 85.401 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: EH102 Wireless G Desktop Adapter
Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_3B221186&REV_03\4&5855BE9&0&10F0
Manufacturer: eHome
Name: EH102 Wireless G Desktop Adapter
PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_3B221186&REV_03\4&5855BE9&0&10F0
Service: W8335XP
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP45: 5/2/2011 5:19:31 PM - System Checkpoint
RP46: 5/8/2011 8:17:15 PM - System Checkpoint
RP47: 5/10/2011 5:53:17 PM - System Checkpoint
RP48: 5/12/2011 10:13:55 PM - Software Distribution Service 3.0
RP49: 5/16/2011 4:36:42 PM - System Checkpoint
RP50: 5/16/2011 5:04:50 PM - Installed Java(TM) 6 Update 25
RP51: 5/17/2011 5:17:05 PM - System Checkpoint
RP52: 5/19/2011 8:03:58 PM - System Checkpoint
RP53: 5/26/2011 6:10:40 PM - System Checkpoint
RP54: 5/31/2011 8:25:17 PM - System Checkpoint
RP55: 6/2/2011 7:28:18 PM - System Checkpoint
RP56: 6/5/2011 9:22:46 PM - System Checkpoint
RP57: 6/16/2011 3:51:09 PM - Software Distribution Service 3.0
RP58: 6/17/2011 4:36:28 PM - System Checkpoint
RP59: 6/18/2011 4:53:05 PM - Software Distribution Service 3.0
RP60: 6/27/2011 2:59:16 PM - System Checkpoint
RP61: 6/29/2011 12:16:25 PM - Software Distribution Service 3.0
RP62: 7/13/2011 4:18:14 PM - Software Distribution Service 3.0
RP63: 7/20/2011 2:36:55 PM - System Checkpoint
RP64: 7/23/2011 12:46:36 PM - System Checkpoint
RP65: 7/24/2011 4:45:47 PM - System Checkpoint
RP66: 7/29/2011 5:44:48 PM - Installed Wizard101
RP67: 7/30/2011 12:15:50 AM - Installed DirectX
RP68: 7/31/2011 6:29:58 PM - System Checkpoint
RP69: 8/6/2011 4:59:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.6
Battlefield Heroes
BufferChm
C4700
CCleaner
Conexant D850 56K V.9x DFVc Modem
Dell Driver Download Manager
Destinations
DeviceDiscovery
Disney Pirates of the Caribbean Online
Disney Toontown Online
Free Realms
Gangsters
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life: Blue Shift
Half-Life: Opposing Force
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 13.0
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Left 4 Dead
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee VirusScan
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2000
Mount&Blade Warband
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Oregon Trail 5
PS_AIO_06_C4700_SW_Min
PunkBuster Services
Roblox for Ken Henrikson
Scan
Scooby-Doo(TM), Case File #1 The Glowing Bug Man
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sid Meier's Pirates!
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Spy Sweeper Core
Spy Sweeper for MSN
Status
Steam
Stubbs the Zombie in Rebel Without a Pulse
swMSM
System Requirements Lab for Intel
Team Fortress 2
Team Fortress Classic
The Sims 2
Toolbox
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Wireless LAN Card Utility
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wizard101
Zombie Panic Source
.
==== End Of File ===========================

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

I just ran the TDSS Killer. Here is the log. Thank you again.

2011/08/07 09:16:48.0328 2904 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/07 09:16:48.0953 2904 ================================================================================
2011/08/07 09:16:48.0953 2904 SystemInfo:
2011/08/07 09:16:48.0953 2904
2011/08/07 09:16:48.0953 2904 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/07 09:16:48.0953 2904 Product type: Workstation
2011/08/07 09:16:48.0953 2904 ComputerName: DELL-5150
2011/08/07 09:16:48.0953 2904 UserName: Ken Henrikson
2011/08/07 09:16:48.0953 2904 Windows directory: C:\WINDOWS
2011/08/07 09:16:48.0953 2904 System windows directory: C:\WINDOWS
2011/08/07 09:16:48.0953 2904 Processor architecture: Intel x86
2011/08/07 09:16:48.0953 2904 Number of processors: 2
2011/08/07 09:16:48.0953 2904 Page size: 0x1000
2011/08/07 09:16:48.0953 2904 Boot type: Normal boot
2011/08/07 09:16:48.0953 2904 ================================================================================
2011/08/07 09:16:49.0906 2904 Initialize success
2011/08/07 09:16:56.0468 2164 ================================================================================
2011/08/07 09:16:56.0468 2164 Scan started
2011/08/07 09:16:56.0468 2164 Mode: Manual;
2011/08/07 09:16:56.0468 2164 ================================================================================
2011/08/07 09:16:57.0031 2164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/07 09:16:57.0093 2164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/07 09:16:57.0156 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/07 09:16:57.0218 2164 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/07 09:16:57.0281 2164 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/07 09:16:57.0468 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/07 09:16:57.0515 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/07 09:16:57.0546 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/07 09:16:57.0625 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/07 09:16:57.0703 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/07 09:16:57.0796 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/07 09:16:57.0921 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/07 09:16:58.0000 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/07 09:16:58.0015 2164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/07 09:16:58.0062 2164 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/08/07 09:16:58.0421 2164 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/08/07 09:16:58.0546 2164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/07 09:16:58.0609 2164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/07 09:16:58.0687 2164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/07 09:16:58.0718 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/07 09:16:58.0781 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/07 09:16:58.0843 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/07 09:16:58.0906 2164 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/07 09:16:58.0953 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/07 09:16:58.0984 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/07 09:16:59.0015 2164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/07 09:16:59.0031 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/07 09:16:59.0093 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/07 09:16:59.0140 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/07 09:16:59.0171 2164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/07 09:16:59.0218 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/07 09:16:59.0250 2164 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/07 09:16:59.0281 2164 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/07 09:16:59.0375 2164 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/07 09:16:59.0421 2164 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/08/07 09:16:59.0515 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/07 09:16:59.0578 2164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/08/07 09:16:59.0656 2164 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/07 09:16:59.0781 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/07 09:16:59.0906 2164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/07 09:16:59.0984 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/07 09:17:00.0031 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/07 09:17:00.0062 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/07 09:17:00.0093 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/07 09:17:00.0125 2164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/07 09:17:00.0156 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/07 09:17:00.0187 2164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/07 09:17:00.0218 2164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/07 09:17:00.0250 2164 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/07 09:17:00.0296 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/07 09:17:00.0343 2164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/07 09:17:00.0453 2164 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/07 09:17:00.0500 2164 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/08/07 09:17:00.0656 2164 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/08/07 09:17:00.0828 2164 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/08/07 09:17:00.0890 2164 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/08/07 09:17:00.0953 2164 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/08/07 09:17:01.0015 2164 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/08/07 09:17:01.0031 2164 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/08/07 09:17:01.0046 2164 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/08/07 09:17:01.0078 2164 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/08/07 09:17:01.0125 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/07 09:17:01.0171 2164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/07 09:17:01.0218 2164 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/07 09:17:01.0234 2164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/07 09:17:01.0281 2164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/07 09:17:01.0296 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/07 09:17:01.0359 2164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/07 09:17:01.0421 2164 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/07 09:17:01.0468 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/07 09:17:01.0515 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/07 09:17:01.0515 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/07 09:17:01.0546 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/07 09:17:01.0578 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/07 09:17:01.0656 2164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/07 09:17:01.0703 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/07 09:17:01.0718 2164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/07 09:17:01.0750 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/07 09:17:01.0750 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/07 09:17:01.0812 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/07 09:17:01.0937 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/07 09:17:02.0109 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/07 09:17:02.0265 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/07 09:17:02.0312 2164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/07 09:17:02.0359 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/07 09:17:02.0421 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/07 09:17:02.0484 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/07 09:17:02.0546 2164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/07 09:17:02.0578 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/07 09:17:02.0609 2164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/07 09:17:02.0640 2164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/07 09:17:02.0687 2164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/07 09:17:02.0703 2164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/07 09:17:02.0921 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/07 09:17:02.0937 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/07 09:17:02.0984 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/07 09:17:03.0078 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/07 09:17:03.0140 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/07 09:17:03.0156 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/07 09:17:03.0187 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/07 09:17:03.0234 2164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/07 09:17:03.0250 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/07 09:17:03.0281 2164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/07 09:17:03.0312 2164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/07 09:17:03.0343 2164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/07 09:17:03.0500 2164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/07 09:17:03.0546 2164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/07 09:17:03.0625 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/07 09:17:03.0718 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/07 09:17:03.0781 2164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/07 09:17:03.0828 2164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/07 09:17:03.0875 2164 ssfs0bbc (6c46d1d2fc31a8cf0f1d6f9d6859d836) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
2011/08/07 09:17:04.0250 2164 sshrmd (cfbd9006204468f64c5737f71eb602f3) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
2011/08/07 09:17:04.0265 2164 ssidrv (808c18876dd615b82f08298c98af46b2) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
2011/08/07 09:17:04.0390 2164 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/07 09:17:04.0468 2164 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/07 09:17:04.0531 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/07 09:17:04.0781 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/07 09:17:05.0203 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/07 09:17:05.0265 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/07 09:17:05.0296 2164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/07 09:17:05.0359 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/07 09:17:05.0390 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/07 09:17:05.0484 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/07 09:17:05.0531 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/07 09:17:05.0593 2164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/07 09:17:05.0609 2164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/07 09:17:05.0625 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/07 09:17:05.0671 2164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/07 09:17:05.0734 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/07 09:17:05.0796 2164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/07 09:17:05.0828 2164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/07 09:17:05.0859 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/07 09:17:05.0906 2164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/07 09:17:05.0984 2164 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
2011/08/07 09:17:06.0031 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/07 09:17:06.0062 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/07 09:17:06.0140 2164 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/07 09:17:06.0281 2164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/07 09:17:06.0296 2164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/07 09:17:06.0343 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/07 09:17:06.0437 2164 Boot (0x1200) (0c48fb88f11020bf0e6922c022abbc39) \Device\Harddisk0\DR0\Partition0
2011/08/07 09:17:06.0453 2164 ================================================================================
2011/08/07 09:17:06.0453 2164 Scan finished
2011/08/07 09:17:06.0453 2164 ================================================================================
2011/08/07 09:17:06.0453 2604 Detected object count: 0
2011/08/07 09:17:06.0453 2604 Actual detected object count: 0

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Hey Broni,

Thanx for taking the time and effort to help, not just me, but everyone that you help.

Here is the log:

ComboFix 11-08-07.01 - Ken Henrikson 08/07/2011 12:37:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.530 [GMT -4:00]
Running from: c:\documents and settings\Ken Henrikson\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ken Henrikson\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-06 00:12 . 2011-08-06 00:12 -------- d-----w- c:\documents and settings\Ken Henrikson\Local Settings\Application Data\SCE
2011-08-06 00:09 . 2011-08-06 00:09 -------- d-----w- c:\program files\Sony Online Entertainment
2011-08-06 00:09 . 2011-08-07 14:34 -------- d-----w- c:\documents and settings\Ken Henrikson\Application Data\Sony Online Entertainment
2011-08-02 23:02 . 2011-08-02 23:03 -------- d-----w- c:\documents and settings\Ken Henrikson\Local Settings\Application Data\Temp
2011-08-02 00:58 . 2011-08-02 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNDynFiles
2011-07-30 17:14 . 2011-04-05 19:55 1563024 ----a-w- c:\windows\WRSetup.dll
2011-07-30 17:14 . 2011-07-30 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2011-07-30 17:14 . 2011-07-30 17:14 -------- d-----w- c:\program files\Webroot
2011-07-30 17:14 . 2011-07-30 17:14 -------- d-----w- c:\documents and settings\Ken Henrikson\Application Data\Webroot
2011-07-30 04:16 . 2008-10-10 08:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-07-30 04:16 . 2008-10-10 08:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-07-30 04:16 . 2008-10-10 08:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-30 04:15 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-07-30 04:15 . 2011-07-30 05:07 -------- d-----w- c:\program files\Heroes of Newerth
2011-07-29 21:44 . 2011-07-29 21:44 -------- d-----w- c:\program files\KingsIsle Entertainment
2011-07-28 23:11 . 2011-07-28 23:11 -------- d-----w- c:\program files\Disney
2011-07-12 01:26 . 2011-07-12 01:26 389120 ----a-w- c:\program files\MSN\MSNCoreFiles\MSNDynFiles\txsrvc.dll
2011-07-12 01:25 . 2011-07-12 01:25 476672 ----a-w- c:\program files\MSN\MSNCoreFiles\MSNDynFiles\unicows.dll
2011-07-09 00:02 . 2011-08-02 23:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-07-08 23:57 . 2011-07-08 23:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-07-08 23:57 . 2011-07-29 19:33 -------- d-----w- c:\documents and settings\Ken Henrikson\Local Settings\Application Data\Google
2011-07-08 23:57 . 2011-07-08 23:57 -------- d-----w- c:\program files\Google
2011-07-08 23:56 . 2011-07-08 23:56 -------- d-----w- c:\windows\system32\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-03-09 23:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-03-09 23:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 00:30 . 2011-03-09 21:38 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-17 00:30 . 2011-06-13 22:02 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-17 00:30 . 2011-03-09 21:38 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-14 20:37 . 2011-03-09 21:38 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-02 14:02 . 2004-08-04 04:17 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-05 6156336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBarioApps]
2011-04-26 19:22 68608 ----a-w- c:\program files\iBarioApps\iBarioApps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp]
2007-09-06 02:24 405504 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stubbs the zombie\\Stubbs.exe"=
"c:\\Program Files\\Steam\\steamapps\\kane42199\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\kane42199\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kane42199\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\kane42199\\team fortress classic\\hl.exe"=
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [3/22/2011 10:14 AM 29832]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/6/2011 11:14 PM 84200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/6/2011 11:14 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/6/2011 11:14 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/6/2011 11:15 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/6/2011 11:04 PM 141792]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/6/2011 8:34 PM 61529]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/30/2011 1:14 PM 1201656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/6/2011 11:14 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/6/2011 11:14 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/6/2011 11:14 PM 88736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/8/2011 7:57 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/8/2011 7:57 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/6/2011 11:14 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/6/2011 11:14 PM 84488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 23:57]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 23:57]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UnityWebPlayer - c:\documents and settings\Ken Henrikson\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,24,4c,2f,bb,6a,40,40,b8,14,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,24,4c,2f,bb,6a,40,40,b8,14,f3,\
.
Completion time: 2011-08-07 12:46:15
ComboFix-quarantined-files.txt 2011-08-07 16:46
.
Pre-Run: 96,026,869,760 bytes free
Post-Run: 96,111,144,960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 58572E4469F2B5BE5A7E9E7F1A99AF21

You're welcome :)

Combofix log looks clean now.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Their computer seems to be working OK. Haven't let them resume playing their video games.

Did you see anything in all of the previous steps, that would cause his emails to be sent?

OTL logfile created on: 8/7/2011 1:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ken Henrikson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 501.80 Mb Available Physical Memory | 49.48% Memory free
3.83 Gb Paging File | 3.28 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 89.54 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
Drive D: | 2.80 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL-5150 | User Name: Ken Henrikson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 13:02:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Henrikson\Desktop\OTL.exe
PRC - [2011/07/30 13:14:48 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 13:02:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Henrikson\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/30 13:14:48 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2007/09/05 22:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/22 08:53:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRV8335XP.sys -- (W8335XP)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 DA 86 CE CB 53 CC 01 [binary data]
IE - HKU\S-1-5-21-1060284298-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\RobloxVersions\version-18c3ec3fed324b69\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/09 19:21:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/09 19:21:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/30 13:22:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110512213408.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1299460619250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1299546424625 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/st...r_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/pl...p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/06 19:47:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/18 05:42:25 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2004/08/18 05:38:06 | 000,663,552 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2004/08/18 05:42:19 | 000,000,083 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004/08/17 23:13:47 | 000,598,016 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 13:02:09 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Henrikson\Desktop\OTL.exe
[2011/08/07 12:35:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/07 12:33:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/07 12:33:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/07 12:33:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/07 12:33:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/07 12:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/07 12:32:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/07 12:31:48 | 004,166,457 | R--- | C] (Swearware) -- C:\Documents and Settings\Ken Henrikson\Desktop\ComboFix.exe
[2011/08/07 12:30:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ken Henrikson\Recent
[2011/08/07 12:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\hogan virus
[2011/08/07 12:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/05 20:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\SCE
[2011/08/05 20:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Start Menu\Programs\Games
[2011/08/05 20:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2011/08/05 20:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Application Data\Sony Online Entertainment
[2011/08/05 13:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disney Pirates of the Caribbean Online
[2011/08/02 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\Temp
[2011/08/01 21:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2011/08/01 21:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\My Documents\EA Games
[2011/08/01 20:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2011/07/30 13:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot
[2011/07/30 13:14:25 | 001,563,024 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2011/07/30 13:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/07/30 13:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Application Data\Webroot
[2011/07/30 13:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2011/07/30 00:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Start Menu\Programs\Heroes of Newerth
[2011/07/30 00:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\My Documents\Heroes of Newerth
[2011/07/30 00:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2011/07/29 17:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KingsIsle Entertainment
[2011/07/29 17:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2011/07/28 19:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disney Toontown Online
[2011/07/28 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Disney
[2011/07/11 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Application Data\Google
[2011/07/08 20:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/08 19:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/08 19:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\Google
[2011/07/08 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/08 19:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/07/08 19:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 13:09:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 13:02:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Henrikson\Desktop\OTL.exe
[2011/08/07 12:49:35 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\My Documents\Shortcut to Shared Documents.lnk
[2011/08/07 12:35:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/07 12:31:51 | 004,166,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Ken Henrikson\Desktop\ComboFix.exe
[2011/08/07 12:20:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/07 12:20:36 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee VirusScan.lnk
[2011/08/07 12:20:33 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 12:20:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/05 20:12:49 | 000,001,320 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\Desktop\Free Realms.lnk
[2011/08/05 13:31:51 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk
[2011/08/01 21:18:50 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[2011/08/01 20:50:25 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2011/08/01 20:50:25 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN.lnk
[2011/07/31 13:06:42 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\Desktop\Play Roblox.lnk
[2011/07/30 13:22:19 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/07/30 13:14:47 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper for MSN.lnk
[2011/07/30 13:14:12 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2011/07/29 17:44:52 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2011/07/28 19:11:04 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Toontown Online.lnk
[2011/07/23 20:41:27 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 11:54:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 17:02:17 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 12:35:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/07 12:35:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/07 12:33:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/07 12:33:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/07 12:33:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/07 12:33:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/07 12:33:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/05 20:12:49 | 000,001,320 | ---- | C] () -- C:\Documents and Settings\Ken Henrikson\Desktop\Free Realms.lnk
[2011/08/05 13:31:51 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk
[2011/08/01 21:18:50 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[2011/07/30 13:14:46 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper for MSN.lnk
[2011/07/30 13:14:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2011/07/29 17:44:52 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2011/07/28 19:11:04 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toontown Online.lnk
[2011/07/08 19:57:32 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 19:57:31 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 16:20:55 | 000,000,378 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/04/19 13:48:17 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2011/03/18 21:20:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011/03/15 18:51:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Ken Henrikson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 19:57:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/09 19:11:58 | 000,193,080 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2011/03/09 19:11:58 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2011/03/09 17:38:59 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/03/09 17:38:59 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Ken Henrikson\Application Data\PnkBstrK.sys
[2011/03/09 17:38:37 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/03/09 17:38:35 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/03/06 20:34:36 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2011/03/06 19:49:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/06 19:44:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/06 14:37:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/06 14:36:51 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/24 15:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 15:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 15:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 15:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 15:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 15:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 15:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 15:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 15:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 15:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 15:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 15:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 15:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 15:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 15:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 15:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 15:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 16:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 16:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 16:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 16:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 16:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/05/19 16:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 16:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 16:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 16:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/05/19 16:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 16:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/05/19 16:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 16:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/08/11 17:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2004/08/04 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,480,592 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,079,048 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/01 20:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2011/03/06 20:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2011/07/17 18:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Henrikson\Application Data\.minecraft
[2011/03/09 22:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Henrikson\Application Data\Mount&Blade Warband
[2011/08/07 10:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Henrikson\Application Data\Sony Online Entertainment
[2011/05/16 16:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Henrikson\Application Data\Superfish
[2011/03/17 18:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Henrikson\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/03/06 19:47:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/24 14:34:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/07 12:35:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/08/07 12:46:16 | 000,013,757 | ---- | M] () -- C:\ComboFix.txt
[2011/03/06 19:47:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/06 19:47:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/06 19:47:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/03/06 21:37:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/07 12:20:27 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2011/08/07 09:19:28 | 000,037,944 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_07.08.2011_09.16.48_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/03/06 19:46:51 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/16 15:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/03/06 14:36:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/03/06 14:36:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/03/06 14:36:01 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/03/06 21:40:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/03/06 21:46:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Ken Henrikson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/03/06 19:51:59 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/08/07 12:31:51 | 004,166,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Ken Henrikson\Desktop\ComboFix.exe
[2011/08/07 13:02:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Henrikson\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/07/30 13:19:08 | 075,444,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Henrikson\My Documents\msert.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/03/06 21:46:45 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ken Henrikson\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/08/07 13:01:47 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Ken Henrikson\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1996/08/27 02:12:00 | 000,004,176 | R--- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system\QTNOTIFY.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-13 20:21:19


< End of report >

OTL Extras logfile created on: 8/7/2011 1:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ken Henrikson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 501.80 Mb Available Physical Memory | 49.48% Memory free
3.83 Gb Paging File | 3.28 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 89.54 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
Drive D: | 2.80 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL-5150 | User Name: Ken Henrikson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Steam\steamapps\common\stubbs the zombie\Stubbs.exe" = C:\Program Files\Steam\steamapps\common\stubbs the zombie\Stubbs.exe:*:Enabled:Stubbs the Zombie in Rebel Without a Pulse -- ()
"C:\Program Files\Steam\steamapps\kane42199\zombie panic! source\hl2.exe" = C:\Program Files\Steam\steamapps\kane42199\zombie panic! source\hl2.exe:*:Enabled:Zombie Panic Source -- ()
"C:\Program Files\Steam\steamapps\kane42199\half-life\hl.exe" = C:\Program Files\Steam\steamapps\kane42199\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Program Files\Steam\steamapps\kane42199\opposing force\hl.exe" = C:\Program Files\Steam\steamapps\kane42199\opposing force\hl.exe:*:Enabled:Half-Life: Opposing Force -- (Valve)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Steam\steamapps\kane42199\team fortress classic\hl.exe" = C:\Program Files\Steam\steamapps\kane42199\team fortress classic\hl.exe:*:Enabled:Team Fortress Classic -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper for MSN
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 25
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney Toontown Online" = Disney Toontown Online
"Gangsters" = Gangsters
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mount&Blade Warband" = Mount&Blade Warband
"MSC" = McAfee VirusScan
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Oregon Trail 5" = Oregon Trail 5
"PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
"PROSet" = Intel(R) PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Scooby-Doo(TM), Case File #1 The Glowing Bug Man" = Scooby-Doo(TM), Case File #1 The Glowing Bug Man
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17500" = Zombie Panic Source
"Steam App 20" = Team Fortress Classic
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 70" = Half-Life
"Steam App 7800" = Stubbs the Zombie in Rebel Without a Pulse
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Ken Henrikson
"f031ef6ac137efc5" = Dell Driver Download Manager
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2011 2:56:47 PM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

Error - 8/5/2011 11:49:55 PM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

Error - 8/6/2011 10:40:39 AM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

Error - 8/6/2011 11:09:38 PM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

Error - 8/7/2011 9:10:55 AM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

Error - 8/7/2011 10:30:17 AM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

Error - 8/7/2011 12:20:36 PM | Computer Name = DELL-5150 | Source = STacSV | ID = 268435455
Description =

[ System Events ]
Error - 7/23/2011 1:59:49 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:00:20 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:00:51 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:01:22 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:01:53 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:02:24 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:02:55 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:03:29 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 7/23/2011 2:04:00 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 7/23/2011 3:11:05 PM | Computer Name = DELL-5150 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

==================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  ---

  :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1060284298-573735546-725345543-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  ---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

I followed the steps above, and here are the logs.
Also, encountered a problem with the Eset. I disabled McAfee Real Time Scanning, and chose the 'never' choice for reactivation. During the scan, it enabled itself and flashed a warning about a PUP. ( tool-nircmd ) something like that. I could only see it once and don't know how to find it.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1060284298-573735546-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\002858_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ken Henrikson
->Temp folder emptied: 15777122 bytes
->Temporary Internet Files folder emptied: 141885862 bytes
->Java cache emptied: 2348682 bytes
->Flash cache emptied: 2897 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

&#37;systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 392550 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Ken Henrikson
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_094933

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF86A5.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF86C9.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF8758.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF877C.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF8822.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF8846.tmp not found!
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\ZTV7705U\c[2].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\ZTV7705U\partner[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\HGQE3TSQ\918[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\AJBZJ4EM\iepngfix[1].htc moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\9Q77U39G\c[2].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\9Q77U39G\showthread[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\9Q77U39G\signin[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------------------


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee VirusScan
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

------------------------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Documents\media.player.codec.pack.v3.9.6.setup.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EABBB828-76D5-462B-8213-C4DF340F71CC}\RP69\A0031076.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined

Quote:

---

and flashed a warning about a PUP. ( tool-nircmd )

---

That's part of Combofix - safe.

Your computer is clean https://discussions.virtualdr.com/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

---

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.