
Please Help - No Icon available with a "pleading" smiley!

Discussion in 'Virus & Other Malware Removal' started by huskydawg2001, Jan 11, 2011.

    huskydawg2001 (Thread Starter)

    Joined:
    Oct 16, 2007
    Messages:
    18
    Posted new thread last month but received no response. Please Help!

    Computer running very slow and mouse and/or keyboard simply stop working. Have run chkdsk, defrag, disk clean-up, McAfee scans, and SUPERAntiSpyware scans (ver 4.47.1000) multiple times. SUPERAntiSpyware typically finds items and I am able to correct them, but with no overall improvement.

    IE takes forever to load (maybe 3-5 minutes) and comes up with a message (in the popup blocker area) indicating that my current security settings "put me at risk" and asks me to click to fix them.

    Based upon forum recommendations, I have run HijackThis, DDS and GMER.

    DDS starts, and the DOS/Command window appears for maybe 15 seconds, and closes, but the program doesn't appear to generate any log files.

    I ran GMER multiple times; it kept failing with a blue screen. After stopping a number of non-essential processes in the task list, I was able to get it to complete, and am attaching the ark.txt file below.

    HijackThis log is also included below.

    Thank you in advance...this is extremely frustrating.

    HIJACKTHIS LOG FILE:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:59:33 PM, on 1/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Icons\SetIcon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Scott Callen\Desktop\Virus\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104023102.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.203,85.255.112.77
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.203,85.255.112.77
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.203,85.255.112.77
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1ca4544311ab70c) (gupdate1ca4544311ab70c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\CECECA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 14853 bytes
    GMER LOG FILE:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-11 13:57:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JS-75NCB2 rev.10.02E03
    Running: er275zfu.exe; Driver: C:\DOCUME~1\SCOTTC~1\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF40E3620]

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF742B0E0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF742B0F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF742B120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF742B176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF742B0CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF742B0A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF742B0B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF742B10A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF742B14C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF742B136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF742B1A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF742B18C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF742B160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP F742B164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP F742B17A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP F742B190 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetSecurityObject 805C05DA 5 Bytes JMP F742B150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP F742B0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP F742B0BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP F742B1A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP F742B13A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 3 Bytes JMP F742B10E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey + 4 806231EE 3 Bytes [76, 90, 90] {JBE 0xffffffffffffff92; NOP }
    PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP F742B0E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP F742B0F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP F742B124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP F742B0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ndjgupf.sys!DllInitialize + FFFC19F0 F4062380 1 Byte [E0]
    .text ndjgupf.sys!DllInitialize + FFFC19F0 F4062380 7 Bytes [E0, 00, 02, 21, 0B, 01, 09]
    .text ndjgupf.sys!DllInitialize + FFFC19F9 F4062389 2 Bytes [9C, 01]
    .text ndjgupf.sys!DllInitialize + FFFC19FD F406238D 1 Byte [08]
    .text ndjgupf.sys!BthInitializeBip F4062390 12 Bytes [00, 00, 00, 00, A6, 70, 01, ...]
    .text ndjgupf.sys!BthInitializeBip + D F406239D 19 Bytes [D0, 01, 00, 00, 00, 00, 10, ...]
    .text ndjgupf.sys!BthInitializeBip + 22 F40623B2 10 Bytes [00, 00, 05, 00, 00, 00, 00, ...]
    .text ndjgupf.sys!BthInitializeBip + 2D F40623BD 99 Bytes [E0, 01, 00, 00, 04, 00, 00, ...]
    .text ndjgupf.sys!BthAcquireBipCancelLockAtDpcLevel + 12 F4062422 51 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ndjgupf.sys!BthAcquireBipCancelLock + 17 F4062457 41 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ndjgupf.sys!BthReleaseBipCancelLockFromDpcLevel + 12 F4062482 215 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text ndjgupf.sys!BthReleaseBipCancelLock + BA F406255A 17 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ndjgupf.sys!BthReleaseBipCancelLock + CC F406256C 13 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ndjgupf.sys!BthReleaseBipCancelLock + DA F406257A 33 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ndjgupf.sys!BthReleaseBipCancelLock + FC F406259C 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text ndjgupf.sys!BthReleaseBipCancelLock + 106 F40625A6 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    .text ndjgupf.sys!BTHPORT_FatalHardwareError + 346 F4062BE6 360 Bytes [EC, D2, 54, 4F, ED, EE, 71, ...]
    .text ndjgupf.sys!BTHPORT_FatalHardwareError + 4AF F4062D4F 109 Bytes [7A, B5, CA, 62, 0E, 19, 78, ...]
    .text ndjgupf.sys!BTHPORT_FatalHardwareError + 51D F4062DBD 288 Bytes [D2, 78, CC, F4, 0C, 6D, A1, ...]
    .text ndjgupf.sys!BTHPORT_FatalHardwareError + 63E F4062EDE 269 Bytes [2F, 30, BF, 65, D5, F1, 9D, ...]
    .text ndjgupf.sys!BTHPORT_FatalHardwareError + 74C F4062FEC 285 Bytes [D8, 58, 8F, E2, 3E, 50, B3, ...]
    .text ...
    .text ndjgupf.sys!BTHPORT_AllocateBip + 38 F40645C8 43 Bytes [59, 63, 9D, 44, 6D, BF, 81, ...]
    .text ndjgupf.sys!BTHPORT_AllocateBip + 64 F40645F4 219 Bytes [E6, 91, 58, 1A, 65, 6A, 48, ...]
    .text ndjgupf.sys!BTHPORT_FreeBip + 50 F40646D0 13 Bytes [65, 1A, F2, 4D, 2C, 16, B5, ...]
    .text ndjgupf.sys!BTHPORT_FreeBip + 5E F40646DE 587 Bytes [18, 61, 6D, 56, A4, 89, 3E, ...]
    .text ndjgupf.sys!BTHPORT_RecvMpBip + 21A F406492A 85 Bytes [21, 21, EE, 88, 62, F6, 1C, ...]
    .text ndjgupf.sys!BTHPORT_RecvMpBip + 270 F4064980 250 Bytes [5F, 16, 95, C8, 2B, 3D, DD, ...]
    .text ndjgupf.sys!BTHPORT_RecvMpBip + 36B F4064A7B 363 Bytes [FD, 38, 34, 03, 42, 3A, 55, ...]
    .text ndjgupf.sys!BTHPORT_RecvMpBip + 4D7 F4064BE7 129 Bytes [DF, 9B, 0C, 78, 1F, AA, 49, ...]
    .text ndjgupf.sys!BTHPORT_RecvMpBip + 559 F4064C69 500 Bytes [FC, EF, 6E, 33, F9, F1, 9A, ...]
    .text ...
    PAGE ndjgupf.sys!DllUnload F408FC90 12 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    PAGE ndjgupf.sys!DllUnload + D F408FC9D 14 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    PAGE ndjgupf.sys!DllUnload + 1C F408FCAC 19 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    PAGE ndjgupf.sys!DllUnload + 33 F408FCC3 6 Bytes [00, 00, 00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    PAGE ndjgupf.sys!DllUnload + 3A F408FCCA 12 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    PAGE ...
    PAGE ndjgupf.sys!BTHPORT_RegisterMiniport + 11 F408FD41 3 Bytes [00, 00, 00]
    PAGE ndjgupf.sys!BTHPORT_RegisterMiniport + 15 F408FD45 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    PAGE ndjgupf.sys!BTHPORT_RegisterMiniport + 21 F408FD51 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
    PAGE ndjgupf.sys!BTHPORT_RegisterMiniport + 27 F408FD57 17 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    PAGE ndjgupf.sys!BTHPORT_RegisterMiniport + 39 F408FD69 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\rundll32.exe[332] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 24000025
    .text C:\WINDOWS\system32\rundll32.exe[332] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 2A000025
    .text C:\WINDOWS\system32\rundll32.exe[332] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 27000025
    .text C:\WINDOWS\system32\rundll32.exe[332] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 2D000025
    .text C:\WINDOWS\system32\rundll32.exe[332] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\WINDOWS\system32\rundll32.exe[332] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 30000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP E1000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP E7000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP F0000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!send 71AB4C27 8 Bytes JMP ED000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 1E000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP E4000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!recv 71AB676F 8 Bytes JMP 21000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP EA000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 0F000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 06000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP FF000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 03000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 15000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP F6000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 18000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP F3000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 12000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 0C000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 09000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 1B000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP F9000025
    .text C:\WINDOWS\system32\rundll32.exe[332] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP FC000025
    .text C:\WINDOWS\system32\svchost.exe[368] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A50FEF
    .text C:\WINDOWS\system32\svchost.exe[368] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FCD
    .text C:\WINDOWS\system32\svchost.exe[368] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A50FDE
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F79
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40064
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40053
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F94
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FB9
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A400B7
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A4009A
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400F4
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A400E3
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F40
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40036
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A4000A
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40089
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FCA
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A4001B
    .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A400C8
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0FE5
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC005B
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0036
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC001B
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F9E
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FAF
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
    .text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0FCA
    .text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A70051
    .text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A70036
    .text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FC6
    .text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70000
    .text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70025
    .text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A70FE3
    .text C:\WINDOWS\system32\svchost.exe[368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A6000A
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[476] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 027A0000
    .text C:\WINDOWS\System32\svchost.exe[540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 027A001B
    .text C:\WINDOWS\System32\svchost.exe[540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 027A0FE5
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02790FEF
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02790F94
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02790089
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 02790078
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [85]
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0279005B
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0279004A
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02790F6D
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027900B5
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02790F4B
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02790F5C
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02790109
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02790FB9
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0279000A
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 027900A4
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02790025
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02790FDE
    .text C:\WINDOWS\System32\svchost.exe[540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027900DA
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05D20022
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 1 Byte [E9]
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05D20070
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05D20FDB
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05D20011
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05D20055
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05D20000
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 05D20044
    .text C:\WINDOWS\System32\svchost.exe[540] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05D20033
    .text C:\WINDOWS\System32\svchost.exe[540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05D10053
    .text C:\WINDOWS\System32\svchost.exe[540] msvcrt.dll!system 77C293C7 5 Bytes JMP 05D10042
    .text C:\WINDOWS\System32\svchost.exe[540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05D10FD2
    .text C:\WINDOWS\System32\svchost.exe[540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05D10FEF
    .text C:\WINDOWS\System32\svchost.exe[540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05D10027
    .text C:\WINDOWS\System32\svchost.exe[540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05D10000
    .text C:\WINDOWS\System32\svchost.exe[540] WS2_32.dll!socket 71AB4211 5 Bytes JMP 027C0000
    .text C:\WINDOWS\System32\svchost.exe[540] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 027B0000
    .text C:\WINDOWS\System32\svchost.exe[540] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 027B001B
    .text C:\WINDOWS\System32\svchost.exe[540] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 027B0FE5
    .text C:\WINDOWS\System32\svchost.exe[540] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 027B0036
    .text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920FEF
    .text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0092001B
    .text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00920000
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FE5
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910F8A
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091007F
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0091006E
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910051
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091001B
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009100C8
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009100AB
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F40
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009100D9
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009100F4
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910036
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FD4
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910090
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FB9
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0091000A
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910F65
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900FCA
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900080
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0090001B
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900000
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0090005B
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FE5
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900FB9
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
    .text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900040
    .text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00F7A
    .text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00F95
    .text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FC1
    .text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
    .text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00FB0
    .text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FD2
    .text C:\WINDOWS\system32\svchost.exe[824] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00930000
    .text C:\WINDOWS\system32\svchost.exe[824] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00930025
    .text C:\WINDOWS\system32\svchost.exe[824] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00930036
    .text C:\WINDOWS\system32\svchost.exe[824] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 0093005B
    .text C:\WINDOWS\system32\svchost.exe[824] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B40FEF
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B40FAF
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B40FD4
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B30FE5
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B30067
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B30F72
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3004A
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B30F8D
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B30FB9
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B30F57
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B300A9
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B300D5
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B30F3C
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B300E6
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30FA8
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B30000
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B3008C
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B30FCA
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B3001B
    .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B300BA
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A6002C
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A60F9B
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A6001B
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A60FE5
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A60FB6
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A60000
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A6004E
    .text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A6003D
    .text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50044
    .text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50033
    .text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A50018
    .text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50FEF
    .text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A50FC3
    .text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A50FDE
    .text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A4000A
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 46000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 4C000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 49000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 4F000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 04000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes [55, 90, FF, 25, 00, 00, 0A, ...] {PUSH EBP; NOP ; JMP [0xe0a0000]}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 13000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!send 71AB4C27 8 Bytes [55, 90, FF, 25, 00, 00, 10, ...] {PUSH EBP; NOP ; JMP [0xe100000]}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 40000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 07000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!recv 71AB676F 8 Bytes JMP 43000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 0D000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 31000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 28000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 22000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 25000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 37000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 19000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 3A000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 16000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 34000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 2E000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 2B000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 84000000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 1C000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 1F000025
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1132] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 52000025
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0082000A
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00820FEF
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0082001B
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00810000
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00810F5C
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00810F81
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0081005B
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00810F9E
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00810FC0
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008100A4
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00810093
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00810F26
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00810F37
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008100DA
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00810FAF
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0081001B
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00810076
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00810036
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00810FE5
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008100BF
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00850FCD
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00850FA1
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00850FDE
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00850014
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00850FBC
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00850FEF
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00850054
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00850043
    .text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00840F8B
    .text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!system 77C293C7 5 Bytes JMP 00840FA6
    .text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00840FD2
    .text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00840FEF
    .text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00840FC1
    .text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0084000C
    .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00830FEF
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 5D000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 63000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 60000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 66000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 69000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 02000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 21000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 2A000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!send 71AB4C27 8 Bytes JMP 27000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 57000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 1E000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!recv 71AB676F 8 Bytes JMP 5A000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 24000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 48000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 3F000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 39000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 3C000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 4E000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 30000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 51000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 2D000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 4B000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetReadFileExW 3D963349 6 Bytes JMP 45000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetReadFileExW + 7 3D963350 1 Byte [01]
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 42000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 54000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 33000025
    .text C:\WINDOWS\eHome\ehmsas.exe[1404] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 36000025
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE0022
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE0011
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0F7E
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0F99
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0FAA
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0073
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD004E
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F3F
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F50
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD00A9
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F10
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0EFF
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0FD1
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD001B
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0F6D
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD003D
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD002C
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD0098
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC002F
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC0FB9
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC0FDE
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC000A
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0076
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC0FEF
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CC0065
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC004A
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00F8B
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00F9C
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FC1
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D0000C
    .text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FD2
    .text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FE5
    .text C:\WINDOWS\system32\services.exe[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\services.exe[1780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050FCD
    .text C:\WINDOWS\system32\services.exe[1780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050FDE
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FE5
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F4D
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040F68
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040F79
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040036
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FAF
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F10
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F21
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040098
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040087
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000400A9
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040F94
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040000
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040F32
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0004001B
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FCA
    .text C:\WINDOWS\system32\services.exe[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040EFF
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50FC3
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50F72
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D50FD4
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50FE5
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D50F83
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D5000A
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D50025
    .text C:\WINDOWS\system32\services.exe[1780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FA8
    .text C:\WINDOWS\system32\services.exe[1780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D40F97
    .text C:\WINDOWS\system32\services.exe[1780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FA8
    .text C:\WINDOWS\system32\services.exe[1780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40FDE
    .text C:\WINDOWS\system32\services.exe[1780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40FEF
    .text C:\WINDOWS\system32\services.exe[1780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40FC3
    .text C:\WINDOWS\system32\services.exe[1780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D4000C
    .text C:\WINDOWS\system32\services.exe[1780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00070000
    .text C:\WINDOWS\system32\services.exe[1780] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\services.exe[1780] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00060FDE
    .text C:\WINDOWS\system32\services.exe[1780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00060014
    .text C:\WINDOWS\system32\services.exe[1780] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00060FC3
    .text C:\WINDOWS\Explorer.EXE[1784] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FE5
    .text C:\WINDOWS\Explorer.EXE[1784] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FCA
    .text C:\WINDOWS\Explorer.EXE[1784] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090000
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0078
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0067
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0040
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D002F
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0FA8
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0F3A
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F57
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D009D
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D0F0E
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D0EE9
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0F97
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0FDE
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0F68
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D0FCD
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D0014
    .text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F29
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0FCA
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0047
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FE5
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0025
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F8A
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FA5
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
    .text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0036
    .text C:\WINDOWS\Explorer.EXE[1784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AD0036
    .text C:\WINDOWS\Explorer.EXE[1784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AD0FAB
    .text C:\WINDOWS\Explorer.EXE[1784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AD0FCD
    .text C:\WINDOWS\Explorer.EXE[1784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AD0FEF
    .text C:\WINDOWS\Explorer.EXE[1784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AD0FBC
    .text C:\WINDOWS\Explorer.EXE[1784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AD0FDE
    .text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AF0FE5
    .text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AF0000
    .text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AF0FCA
    .text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00AF001B
    .text C:\WINDOWS\Explorer.EXE[1784] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03270000
    .text C:\WINDOWS\system32\lsass.exe[1800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050000
    .text C:\WINDOWS\system32\lsass.exe[1800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050FD4
    .text C:\WINDOWS\system32\lsass.exe[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0004005E
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040F69
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040043
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040F86
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FA1
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F31
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040079
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F20
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000400AF
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000400D4
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040028
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FD4
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040F4E
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FB2
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FC3
    .text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040094
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D30FB9
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D30036
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D3000A
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D30FDE
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D3001B
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D30FEF
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D30F83
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F3, 88]
    .text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D30F9E
    .text C:\WINDOWS\system32\lsass.exe[1800] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070033
    .text C:\WINDOWS\system32\lsass.exe[1800] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070018
    .text C:\WINDOWS\system32\lsass.exe[1800] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070FCD
    .text C:\WINDOWS\system32\lsass.exe[1800] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FEF
    .text C:\WINDOWS\system32\lsass.exe[1800] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FB2
    .text C:\WINDOWS\system32\lsass.exe[1800] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FDE
    .text C:\WINDOWS\system32\lsass.exe[1800] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FE5
    .text C:\WINDOWS\system32\dllhost.exe[1924] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F10FEF
    .text C:\WINDOWS\system32\dllhost.exe[1924] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F10014
    .text C:\WINDOWS\system32\dllhost.exe[1924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F10FDE
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F68
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F79
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F8A
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FA5
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FC0
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F46
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F57
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000B0
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F0009F
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F06
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00047
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FDB
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00082
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F0002C
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00011
    .text C:\WINDOWS\system32\dllhost.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00F21
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0022
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FA1
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0011
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FB2
    .text C:\WINDOWS\system32\dllhost.exe[1924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0000
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FCA
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F83
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF001B
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF000A
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0FA8
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0040
    .text C:\WINDOWS\system32\dllhost.exe[1924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0FB9
    .text C:\WINDOWS\system32\dllhost.exe[1924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0FE5
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 87000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 8D000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 8A000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 90000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 93000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 17000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 31000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 1F000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!send 71AB4C27 8 Bytes JMP 37000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 81000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 1A000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!recv 71AB676F 8 Bytes JMP 84000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 34000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 56000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 3D000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 2E000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 3A000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 5C000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 25000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 5F000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 22000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 59000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 53000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 40000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 62000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 28000025
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2068] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 2B000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP B8000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP A2000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP BB000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP A5000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 8F000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 86000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 80000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 83000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 95000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 0C75FFD0
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 98000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 6E000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 92000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 8C000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 89000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 9C000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 7A000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP F1FFEEEE
    .text C:\WINDOWS\ehome\ehtray.exe[2212] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\WINDOWS\ehome\ehtray.exe[2212] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP A8000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP CC000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP DB000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP E4000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!send 71AB4C27 8 Bytes JMP E1000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 9F000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP D8000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!recv 71AB676F 8 Bytes JMP B5000025
    .text C:\WINDOWS\ehome\ehtray.exe[2212] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP DE000025
    .text C:\WINDOWS\stsystra.exe[2264] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 5E000025
    .text C:\WINDOWS\stsystra.exe[2264] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 65000025
    .text C:\WINDOWS\stsystra.exe[2264] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 62000025
    .text C:\WINDOWS\stsystra.exe[2264] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 68000025
    .text C:\WINDOWS\stsystra.exe[2264] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\WINDOWS\stsystra.exe[2264] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 6B000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 11000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 18000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 22000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!send 71AB4C27 8 Bytes JMP 1E000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 58000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 14000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!recv 71AB676F 8 Bytes JMP 5B000025
    .text C:\WINDOWS\stsystra.exe[2264] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 1B000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 45000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 3C000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 31000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 34000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 4B000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 28000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 4E000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 25000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 48000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 42000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 3F000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 55000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 2B000025
    .text C:\WINDOWS\stsystra.exe[2264] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 2E000025
    .text C:\WINDOWS\system32\svchost.exe[2376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\system32\svchost.exe[2376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FCD
    .text C:\WINDOWS\system32\svchost.exe[2376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FDE
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0FEF
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0078
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD005D
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F83
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0F9E
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0FD4
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00AB
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD009A
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00F2
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00E1
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD010D
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0FB9
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0089
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0036
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD001B
    .text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD00C6
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0022
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0F87
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FDB
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0011
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0FA2
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AC004E
    .text C:\WINDOWS\system32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0033
    .text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0FA1
    .text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0FB2
    .text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0022
    .text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0000
    .text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FCD
    .text C:\WINDOWS\system32\svchost.exe[2376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0011
    .text C:\WINDOWS\system32\svchost.exe[2376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0FEF
    .text C:\WINDOWS\system32\svchost.exe[2392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C20000
    .text C:\WINDOWS\system32\svchost.exe[2392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C2002C
    .text C:\WINDOWS\system32\svchost.exe[2392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C20011
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F92
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10087
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10FAF
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10FC0
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10047
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C100C4
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C100B3
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100DF
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F46
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100F0
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10062
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C1001B
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C100A2
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FDB
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10036
    .text C:\WINDOWS\system32\svchost.exe[2392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C10F61
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FCA
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F94
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00025
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FEF
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00FA5
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C00047
    .text C:\WINDOWS\system32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00036
    .text C:\WINDOWS\system32\svchost.exe[2392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0031
    .text C:\WINDOWS\system32\svchost.exe[2392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FA6
    .text C:\WINDOWS\system32\svchost.exe[2392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF000C
    .text C:\WINDOWS\system32\svchost.exe[2392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
    .text C:\WINDOWS\system32\svchost.exe[2392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0FB7
    .text C:\WINDOWS\system32\svchost.exe[2392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FDE
    .text C:\WINDOWS\System32\svchost.exe[2652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
    .text C:\WINDOWS\System32\svchost.exe[2652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FE5
    .text C:\WINDOWS\System32\svchost.exe[2652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0009001B
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F6D
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B006C
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B005B
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B004A
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FC3
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F2E
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F4B
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F1D
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00B6
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00D1
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FA8
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F5C
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B002F
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FD4
    .text C:\WINDOWS\System32\svchost.exe[2652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0091
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FAF
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0047
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A000A
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FD4
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0036
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F94
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
    .text C:\WINDOWS\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A001B
    .text C:\WINDOWS\System32\svchost.exe[2652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F005F
    .text C:\WINDOWS\System32\svchost.exe[2652] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F004E
    .text C:\WINDOWS\System32\svchost.exe[2652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F0FEF
    .text C:\WINDOWS\System32\svchost.exe[2652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F000C
    .text C:\WINDOWS\System32\svchost.exe[2652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0FDE
    .text C:\WINDOWS\System32\svchost.exe[2652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0029
    .text C:\WINDOWS\System32\svchost.exe[2652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0FEF
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP A7000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP AD000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP AA000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP B0000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP B3000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 16000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 1C000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 25000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!send 71AB4C27 8 Bytes JMP 22000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP A1000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 19000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!recv 71AB676F 8 Bytes JMP A4000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 1F000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 92000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 89000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 83000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 86000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 98000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 2C000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 9B000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 29000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 95000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 8F000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 8C000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 9E000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 30000025
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2924] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 60000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 32000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 38000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 35000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 3B000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\WINDOWS\system32\ctfmon.exe[2940] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 65007200
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F0000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP F6000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP FF000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!send 71AB4C27 8 Bytes JMP FC000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 2C000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP F3000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!recv 71AB676F 8 Bytes JMP 2F000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP F9000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 1D000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 14000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 0E000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 11000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 23000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 05000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 26000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 02000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 20000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 1A000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 17000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 29000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 08000025
    .text C:\WINDOWS\system32\ctfmon.exe[2940] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 0B000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 4A000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 50000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 4D000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 53000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 56000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP C7000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP CD000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 17000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!send 71AB4C27 8 Bytes JMP 14000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 44000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP CA000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!recv 71AB676F 8 Bytes JMP 47000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 11000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 35000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 2C000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 26000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 29000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 3B000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 1D000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 65007200
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 1A000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 38000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 32000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 2F000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 41000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 20000025
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2944] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 23000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP A9000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP AF000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP AC000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP B2000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP B5000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 25000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 2B000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 47000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!send 71AB4C27 8 Bytes JMP 44000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP A3000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 28000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!recv 71AB676F 8 Bytes JMP A6000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 2E000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 94000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 7B000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 65007200
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 41000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 9A000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 35000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 9D000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 32000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 97000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 91000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 8E000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP A0000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 38000025
    .text C:\Program Files\Microsoft IntelliPoint\point32.exe[3060] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 3B000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 66000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 6C000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 69000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 6F000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\QuickTime\qttask.exe[3092] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 72000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 24000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 2A000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 33000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!send 71AB4C27 8 Bytes JMP 30000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 60000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 27000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!recv 71AB676F 8 Bytes JMP 63000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 2D000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 51000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 48000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 42000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 45000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 57000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 39000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 5A000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 36000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 54000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 4E000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 4B000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 5D000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 3C000025
    .text C:\Program Files\QuickTime\qttask.exe[3092] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 3F000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 72000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 78000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 75000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 7B000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 7E000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 2F000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 36000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 3F000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!send 71AB4C27 8 Bytes JMP 3C000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 6C000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 32000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!recv 71AB676F 8 Bytes JMP 6F000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 39000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 5D000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 54000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 4E000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 51000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 63000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 45000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 66000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 42000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 60000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 5A000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 57000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 69000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 48000025
    .text C:\Documents and Settings\Scott Callen\Desktop\er275zfu.exe[3220] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 4B000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 63000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 69000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 66000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 6C000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 6F000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP CC000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP D2000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 30000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!send 71AB4C27 8 Bytes JMP 2D000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 5D000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP CF000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!recv 71AB676F 8 Bytes JMP 60000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 2A000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 4E000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 45000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 3F000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 42000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 54000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 36000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 57000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 33000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 51000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 4B000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 48000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 5A000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 39000025
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 3C000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 51000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 57000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 54000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 5A000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 3C000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 33000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 2D000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP 30000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 42000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 24000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 45000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 21000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 3F000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 39000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 36000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 48000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP 27000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP 2A000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 5D000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP D0000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 15000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 1E000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!send 71AB4C27 8 Bytes JMP 1B000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 4B000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 12000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!recv 71AB676F 8 Bytes JMP 4E000025
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3360] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 18000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] USER32.dll!TranslateMessage 7E418BF6 8 Bytes JMP 20000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 26000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 23000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 29000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
    .text C:\Program Files\Icons\SetIcon.exe[3512] CRYPT32.dll!PFXImportCertStore 77AEFF8F 8 Bytes JMP 2C000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP C3000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP E1000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP EA000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!send 71AB4C27 8 Bytes JMP E7000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 1A000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP DE000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!recv 71AB676F 8 Bytes JMP 1D000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP E4000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 0B000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 02000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP F9000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!InternetQueryDataAvailable 3D94BF83 8 Bytes JMP FD000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 11000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP F0000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 14000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP ED000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 0E000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 08000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 05000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!InternetWriteFile 3D9A608E 8 Bytes JMP 17000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!HttpSendRequestExA 3D9BA666 8 Bytes JMP F3000025
    .text C:\Program Files\Icons\SetIcon.exe[3512] WININET.dll!HttpSendRequestExW 3D9BA6BF 8 Bytes JMP F6000025

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:1816] 86383CC5
    Thread System [4:1832] 86383A62

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 0

    ---- EOF - GMER 1.0.15 ----
     
  2. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log (try to run it in safe mode if possible), please.
     
  3. huskydawg2001

    huskydawg2001 Thread Starter

    Joined:
    Oct 16, 2007
    Messages:
    18
    Thank you, Blade 81. I'm VERY much interested in obtaining help.

    With regard to DDS, I've tried unsuccessfully to get it to run (both in normal and safe mode). As noted in my original post, launching DDS spawns a command window that sits for about 5 seconds before closing without any indication that it's scanned anything or created any logs.

    I'm not sure what I'm doing wrong, but I'd appreciate any recommendations as to how I can get it to run successfully.

    Thank you.
     
  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    See if DDS from link here works.
     
  5. huskydawg2001

    huskydawg2001 Thread Starter

    Joined:
    Oct 16, 2007
    Messages:
    18
    Blade,

    Downloaded DDS from the link provided and ran it in both normal and safe mode with the same result. Command window appears briefly, and then disappears. No apparent scan or generation of files.

    What is supposed to happen?
     
  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    It should generate a couple of reports if run successfully. Let's try another tool.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
     
  7. huskydawg2001

    huskydawg2001 Thread Starter

    Joined:
    Oct 16, 2007
    Messages:
    18
    Blade 81,

    I successfully downloaded and ran OTL. Attached are the TXT files the scans generated.

    Thank you again for your help.

    OTL.TXT
    OTL logfile created on: 1/31/2011 2:37:14 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Scott Callen\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 450.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 86.72 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
    Drive E: | 931.28 Gb Total Space | 765.44 Gb Free Space | 82.19% Space Free | Partition Type: FAT32

    Computer Name: DEN | User Name: Scott Callen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Scott Callen\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe (Sonic Solutions)
    PRC - C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    PRC - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
    PRC - C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    PRC - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Scott Callen\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\tapi32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\rasapi32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\rasman.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (SessionLauncher) -- File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
    SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
    SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
    SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
    SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    SRV - (TivoBeacon2) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
    SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (ndjgupf) -- C:\WINDOWS\system32\drivers\ndjgupf.sys (Microsoft Corporation)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/10 13:53:52 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2004/08/10 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104023102.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\Scott Callen\Start Menu\Programs\Startup\Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.203,85.255.112.77
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Scott Callen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott Callen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {12E03AEE-88D3-4183-AF58-F999B82F1AE2} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmkjj.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 01:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2009/02/21 17:32:32 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
    O33 - MountPoints2\{13110ab2-f3ce-11dc-b211-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{13110ab2-f3ce-11dc-b211-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{13110ab2-f3ce-11dc-b211-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
    O33 - MountPoints2\{c7469dee-c1ac-11dd-b24c-00038a000015}\Shell\AutoRun\command - "" = f.bat
    O33 - MountPoints2\{c7469dee-c1ac-11dd-b24c-00038a000015}\Shell\open\Command - "" = f.bat
    O33 - MountPoints2\{e217b151-99c4-11df-b2a5-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{e217b151-99c4-11df-b2a5-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e217b151-99c4-11df-b2a5-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\WindowsEasyTransfer\x86\.\MigSetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/31 14:36:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott Callen\Desktop\OTL.exe
    [2011/01/31 14:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/01/31 14:20:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Scott Callen\Recent
    [2011/01/28 11:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/01/28 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/01/28 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/01/28 11:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/01/26 10:39:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2007/12/09 10:38:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/31 14:42:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E2FB4889-F2B9-44AD-B10C-FB68908319CE}.job
    [2011/01/31 14:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott Callen\Desktop\OTL.exe
    [2011/01/31 14:27:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/31 14:27:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/31 14:25:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/31 14:25:56 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/31 13:26:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/28 11:39:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/28 08:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/26 10:23:26 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Scott Callen\Desktop\dds.com
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/28 11:39:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/26 10:30:11 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/26 10:23:18 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Desktop\dds.com
    [2010/08/20 15:12:27 | 000,222,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/08/16 16:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2009/07/07 11:20:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\drivers\MSIVXserv.sys
    [2009/06/13 07:03:55 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2008/12/29 21:06:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\rx_image.Cache
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/12/09 10:38:20 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
    [2007/12/09 10:38:20 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
    [2007/12/09 10:38:19 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
    [2007/10/08 15:42:07 | 000,001,918 | ---- | C] () -- C:\WINDOWS\cookies.ini
    [2007/08/21 11:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/06/29 18:33:50 | 000,000,895 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2007/05/09 02:01:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/01/28 09:28:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/01/12 09:54:28 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/06/26 15:05:52 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/13 07:52:39 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/06/13 07:52:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3E57D69E15.sys
    [2006/06/02 19:41:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/02 16:30:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\fusioncache.dat
    [2006/05/25 16:35:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/25 16:29:26 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/25 15:58:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 01:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 01:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 11:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/05/11 09:04:20 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\BELKIN.ini
    [2001/08/11 13:24:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

    < End of report >

    Extras.txt
    OTL Extras logfile created on: 1/31/2011 2:37:14 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Scott Callen\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 450.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 86.72 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
    Drive E: | 931.28 Gb Total Space | 765.44 Gb Free Space | 82.19% Space Free | Partition Type: FAT32

    Computer Name: DEN | User Name: Scott Callen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .reg [@ = regfile] -- notepad.exe \"%1\"

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- notepad.exe \"%1\"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
    "7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288
    "7289:TCP" = 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289
    "7290:TCP" = 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290
    "7291:TCP" = 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291
    "7292:TCP" = 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292
    "7293:TCP" = 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293
    "7294:TCP" = 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294
    "7295:TCP" = 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295
    "7296:TCP" = 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296
    "7297:TCP" = 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" = C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service -- (TiVo Inc.)
    "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" = C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
    "C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service
    "C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
    "{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{211C4AB9-E3FD-44CE-A495-75B8F545886A}" = Backyard Football 2004
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3192A00C-7336-48C6-8BD7-54B9CFA6F7C1}" = Windows Rights Management Client
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
    "{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.5
    "{5264E937-B015-11D2-8C0E-00C04FBBCFF9}" = Microsoft Greetings 2000
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6E066C73-EECD-46EC-93B6-D31F2ABD9007}" = Magellan RoadMate Manager North America
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
    "{82B2DB92-98CA-4a0e-B1BD-18B6E2D320CB}" = Memeo AutoBackup
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E33A4D86-8941-41CB-9DF7-466FACB3ADF2}" = Belkin F5U249 Driver and Icon
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
    "3C48F877-A164-45E9-B9DA-26A049FFC207" = Tradewinds
    "6293BC00-4EB8-4C65-8548-53E2FC3BF937" = Diner Dash
    "651956B7-1969-42AA-9453-E0B813019D54" = Polar Golfer
    "6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AIM_6.0" = AIM 6.0
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Instant Messenger" = AOL Instant Messenger
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ATI Display Driver" = ATI Display Driver
    "Backyard Baseball 2003" = Backyard Baseball 2003
    "C0A0AA4D-C79B-48CA-8843-2B02B626C9E6" = Blackhawk Striker 2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Image Expert" = Image Expert
    "Imation Disk Manager V a Service" = Imation Disk Manager V a Service
    "InstallShield_{211C4AB9-E3FD-44CE-A495-75B8F545886A}" = Backyard Football 2004
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "McAfee Uninstall Utility" = McAfee Uninstaller
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee SecurityCenter
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "TrialDocSmartz - PDF to Word Converter v3.0" = TrialDocSmartz - PDF to Word Converter v3.0
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 1/30/2011 6:50:27 PM | Computer Name = DEN | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 1/30/2011 7:02:27 PM | Computer Name = DEN | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 1/30/2011 7:14:27 PM | Computer Name = DEN | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 1/30/2011 7:26:27 PM | Computer Name = DEN | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 1/30/2011 7:38:27 PM | Computer Name = DEN | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 1/30/2011 7:50:27 PM | Computer Name = DEN | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 1/30/2011 8:11:54 PM | Computer Name = DEN | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%3

    Error - 1/30/2011 8:15:18 PM | Computer Name = DEN | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 1/30/2011 9:30:48 PM | Computer Name = DEN | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 1/31/2011 6:26:17 PM | Computer Name = DEN | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%3


    < End of report >
     
  8. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New OTL.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  9. huskydawg2001

    huskydawg2001 Thread Starter

    Joined:
    Oct 16, 2007
    Messages:
    18
    Blade 81--

    Downloaded and installed ComboFix. It took two or three iterations to get it to complete--it hung up and I had to restart it a couple of times--and, per your request, I'm attaching the log file it generated as well as an updated OTL log file.

    Thanks.

    ComboFix Log:
    ComboFix 11-01-31.02 - Scott Callen 02/01/2011 14:10:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.476 [GMT -8:00]
    Running from: c:\documents and settings\Scott Callen\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Start Menu\Live Safety Center.lnk
    c:\documents and settings\All Users\Start Menu\Online Security Guide.lnk
    c:\documents and settings\Cece Callen\Favorites\Online Security Guide.lnk
    c:\documents and settings\Kayce Callen\Favorites\Online Security Guide.lnk
    c:\documents and settings\Scott Callen\Favorites\Online Security Guide.lnk
    c:\windows\cookies.ini
    c:\windows\jestertb.dll
    c:\windows\system32\461942
    c:\windows\system32\drivers\MSIVXserv.sys
    c:\windows\system32\drivers\ndjgupf.sys
    c:\windows\system32\mnnmp.bak1
    c:\windows\system32\pac.txt
    E:\autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ndjgupf
    -------\Service_ndjgupf


    ((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
    .

    2011-02-01 19:42 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D5763B5A-E44D-4806-B713-8BBD3163E05B}\mpengine.dll
    2011-01-28 19:37 . 2011-01-28 19:39 -------- d-----w- c:\program files\iTunes
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-01-28 19:25 . 2011-01-28 19:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-01-28 19:24 . 2011-01-28 19:25 -------- d-----w- c:\program files\QuickTime
    2011-01-26 18:39 . 2011-01-26 18:39 -------- d--h--w- c:\windows\PIF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-10 04:33 . 2007-10-09 21:21 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-11-09 14:52 . 2005-08-16 09:18 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-21 2424560]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-23 151552]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SetIcon"="c:\program files\Icons\SetIcon.exe" [2002-12-16 39936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

    c:\documents and settings\Scott Callen\Start Menu\Programs\Startup\
    Camio Viewer.lnk - c:\program files\Sierra Imaging\Image Expert\IXApplet.exe [2006-7-26 103424]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-27 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-10-25 17:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/19/2010 12:28 AM 84072]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 67656]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/3/2009 7:36 AM 93320]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/19/2010 12:28 AM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/19/2010 12:28 AM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [9/19/2010 12:30 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/19/2010 12:29 AM 141792]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/6/2007 10:12 AM 864768]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/19/2010 12:28 AM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/19/2010 12:28 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/19/2010 12:28 AM 88544]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S2 gupdate1ca4544311ab70c;Google Update Service (gupdate1ca4544311ab70c);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2009 2:44 PM 133104]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [11/7/2008 11:38 AM 25824]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\CECECA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\CECECA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [10/26/2010 5:07 PM 20992]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/19/2010 12:28 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/19/2010 12:28 AM 84264]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NULL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 22:43]

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 22:43]

    2009-10-04 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
    - c:\program files\Microsoft LifeCam\LifeExp.exe [2009-03-17 21:24]

    2011-02-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

    2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{E2FB4889-F2B9-44AD-B10C-FB68908319CE}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://mail.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    Trusted Zone: microsoft.com\office
    Trusted Zone: musicmatch.com\online
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys
    SafeBoot-ndjgupf
    AddRemove-HijackThis - c:\documents and settings\Scott Callen\Desktop\HiJackThis\HijackThis.exe
    AddRemove-Imation Disk Manager V a Service - c:\docume~1\CECECA~1\LOCALS~1\Temp\Imation Disk Manager V a.exe
    AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-01 14:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1752)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2648)
    c:\windows\system32\WININET.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\UStorSrv.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\dllhost.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\stsystra.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-01 14:38:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-01 22:38

    Pre-Run: 92,965,220,352 bytes free
    Post-Run: 92,935,417,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - DE3A51DC4E8985283251C2AEC1471945

    Updated OTL Log:
    OTL logfile created on: 2/1/2011 3:17:52 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Scott Callen\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 40.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 86.58 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
    Drive E: | 931.28 Gb Total Space | 765.44 Gb Free Space | 82.19% Space Free | Partition Type: FAT32

    Computer Name: DEN | User Name: Scott Callen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Scott Callen\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe (Sonic Solutions)
    PRC - C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    PRC - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
    PRC - C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    PRC - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Scott Callen\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (SessionLauncher) -- File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
    SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
    SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
    SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
    SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    SRV - (TivoBeacon2) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
    SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/10 13:53:52 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/02/01 14:24:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104023102.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\Scott Callen\Start Menu\Programs\Startup\Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Scott Callen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott Callen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 01:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/02/21 17:32:32 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/01 14:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/02/01 14:02:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/01 11:58:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/01 11:58:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/01 11:58:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/01 11:58:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/01 11:57:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/01 11:57:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/31 14:36:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott Callen\Desktop\OTL.exe
    [2011/01/31 14:20:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Scott Callen\Recent
    [2011/01/28 11:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/01/28 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/01/28 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/01/28 11:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/01/26 10:39:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2007/12/09 10:38:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/01 15:22:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E2FB4889-F2B9-44AD-B10C-FB68908319CE}.job
    [2011/02/01 14:26:24 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/01 14:25:30 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/02/01 14:24:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/01 14:23:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/01 14:23:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/01 14:22:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/01 14:22:00 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/01 14:02:39 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/02/01 11:25:54 | 004,263,406 | R--- | M] () -- C:\Documents and Settings\Scott Callen\Desktop\ComboFix.exe
    [2011/01/31 14:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott Callen\Desktop\OTL.exe
    [2011/01/28 11:39:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/28 08:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/26 10:23:26 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Scott Callen\Desktop\dds.com
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/01 14:02:39 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/02/01 13:09:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/01 11:58:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/01 11:58:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/01 11:58:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/01 11:58:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/01 11:58:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/01 11:44:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/02/01 11:25:42 | 004,263,406 | R--- | C] () -- C:\Documents and Settings\Scott Callen\Desktop\ComboFix.exe
    [2011/01/28 11:39:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/26 10:30:11 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/26 10:23:18 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Desktop\dds.com
    [2010/08/20 15:12:27 | 000,222,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/08/16 16:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2008/12/29 21:06:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\rx_image.Cache
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/12/09 10:38:20 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
    [2007/12/09 10:38:20 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
    [2007/12/09 10:38:19 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
    [2007/08/21 11:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/06/29 18:33:50 | 000,000,895 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2007/05/09 02:01:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/01/28 09:28:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/01/12 09:54:28 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/06/26 15:05:52 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/13 07:52:39 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/06/13 07:52:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3E57D69E15.sys
    [2006/06/02 19:41:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/02 16:30:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\fusioncache.dat
    [2006/05/25 16:35:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/25 16:29:26 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/25 15:58:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 01:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 01:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 11:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/05/11 09:04:20 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\BELKIN.ini
    [2001/08/11 13:24:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

    < End of report >
     
  10. Blade81

    Blade81 Malware Specialist

    Hi,

    Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 23.
    • Click the Download button to the right.
    • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

    • Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish. Copy-paste results back here. Post fresh OTL.txt log too. How's the system running?
     
  11. huskydawg2001

    huskydawg2001 Thread Starter

    Blade81,

    Deleted the old Adobe Reader and Shockwave applications and installed new, and removed old Java and installed new using jre.

    Ran ESET scanner--missed the opportunity to save data to clipboard the first time--so I had to run it again to document results.

    ESET and OTL log files attached below.

    System seems to be running better--although most of my "computer time" has been limited to following your recommendations and sending back results. ESET identified 19 items...I'm hopeful that when these are removed that many of the problem symptoms go away.

    Thank you again.

    ESET Log File:
    C:\Documents and Settings\Cameron Callen\Favorites\Online Security Guide.lnk Win32/Adware.SecToolbar application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\dvvamwaw.ini Win32/Adware.Virtumonde.NEO application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\gshymhqo.ini Win32/Adware.Virtumonde.NEO application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.bak2 Win32/Adware.Virtumonde.NEO application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.ini Win32/Adware.Virtumonde.NEO application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.ini2 Win32/Adware.Virtumonde.NEO application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.tmp Win32/Adware.Virtumonde.NEO application
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\qargollj.ini Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk.vir Win32/Adware.SecToolbar application
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application
    C:\Qoobox\Quarantine\C\Documents and Settings\Cece Callen\Favorites\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application
    C:\Qoobox\Quarantine\C\Documents and Settings\Kayce Callen\Favorites\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application
    C:\Qoobox\Quarantine\C\Documents and Settings\Scott Callen\Favorites\Online Security Guide.lnk.vir Win32/Adware.SecToolbar application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mnnmp.bak1.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir probably a variant of Win32/TrojanDownloader.Agent.JXCMRQU trojan
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001213.lnk Win32/Adware.SecToolbar application
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001214.lnk Win32/Adware.SecToolbar application
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MJ87CB0L\doc1[1].pdf PDF/Exploit.Gen trojan
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S1OHGXON\banner[1].swf SWF/TrojanDownloader.Swif.NAM trojan

    OTL Log File:
    OTL logfile created on: 2/4/2011 10:40:39 AM - Run 3
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Scott Callen\Desktop\Virus
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 323.00 Mb Available Physical Memory | 32.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 85.46 Gb Free Space | 59.22% Space Free | Partition Type: NTFS
    Drive E: | 931.28 Gb Total Space | 765.44 Gb Free Space | 82.19% Space Free | Partition Type: FAT32

    Computer Name: DEN | User Name: Scott Callen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Scott Callen\Desktop\Virus\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe (Sonic Solutions)
    PRC - C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    PRC - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    PRC - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Scott Callen\Desktop\Virus\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (SessionLauncher) -- File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
    SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
    SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
    SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
    SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    SRV - (TivoBeacon2) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)


    ========== Driver Services (SafeList) ==========

    DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/10 13:53:52 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/02/01 14:24:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104023102.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] File not found
    O4 - Startup: C:\Documents and Settings\Scott Callen\Start Menu\Programs\Startup\Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (Sierra Imaging)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Scott Callen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott Callen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 01:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/02/21 17:32:32 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/03 16:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/02/03 16:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/02/03 15:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/02/03 15:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/02/03 15:57:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/02/03 15:57:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/02/03 15:57:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/02/03 15:57:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/02/03 15:57:40 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/02/03 15:47:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Scott Callen\Recent
    [2011/02/03 15:40:03 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Scott Callen\Desktop\jre-6u23-windows-i586.exe
    [2011/02/03 15:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2011/02/03 15:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott Callen\Desktop\AdbeRdr1000_mui_Std
    [2011/02/01 14:02:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/01 11:58:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/01 11:58:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/01 11:58:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/01 11:58:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/01 11:57:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/01 11:57:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/28 11:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/01/28 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/01/28 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/01/28 11:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/01/26 10:39:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2007/12/09 10:38:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/04 10:44:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E2FB4889-F2B9-44AD-B10C-FB68908319CE}.job
    [2011/02/04 10:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/04 08:58:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/04 04:26:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/04 01:47:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/02/03 15:57:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/02/03 15:57:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/02/03 15:57:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/02/03 15:57:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/02/03 15:57:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/02/03 15:49:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/03 15:48:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/03 15:48:41 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/03 15:40:16 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Scott Callen\Desktop\jre-6u23-windows-i586.exe
    [2011/02/03 15:35:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/02/03 15:27:54 | 132,176,337 | ---- | M] () -- C:\Documents and Settings\Scott Callen\Desktop\AdbeRdr1000_mui_Std.zip
    [2011/02/01 14:24:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/01 14:02:39 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/01/28 11:39:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/03 15:35:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/02/03 15:35:02 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/02/03 15:27:38 | 132,176,337 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Desktop\AdbeRdr1000_mui_Std.zip
    [2011/02/01 14:02:39 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/02/01 13:09:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/01 11:58:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/01 11:58:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/01 11:58:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/01 11:58:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/01 11:58:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/01 11:44:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/01/28 11:39:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/26 10:30:11 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/20 15:12:27 | 000,222,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/08/16 16:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2008/12/29 21:06:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\rx_image.Cache
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/12/09 10:38:20 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
    [2007/12/09 10:38:20 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
    [2007/12/09 10:38:19 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
    [2007/08/21 11:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/06/29 18:33:50 | 000,000,895 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2007/05/09 02:01:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/01/28 09:28:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/01/12 09:54:28 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/06/26 15:05:52 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/13 07:52:39 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/06/13 07:52:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3E57D69E15.sys
    [2006/06/02 19:41:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/02 16:30:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Scott Callen\Local Settings\Application Data\fusioncache.dat
    [2006/05/25 16:35:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/25 16:29:26 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/25 15:58:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 01:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 01:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 11:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/05/11 09:04:20 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\BELKIN.ini
    [2001/08/11 13:24:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

    < End of report >
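The OTL report above is long, and most of it is benign driver and autostart inventory. The items a malware-removal helper actually reads first are a handful of sections: O1 (hosts file), O4 (Run keys), O16 (ActiveX controls installed from the web), O20 (the Winlogon shell) and O35 (the exefile handler). As an added example, not part of this thread or of the OTL tool, the Python script below encodes those checks as rules and runs them over lines copied from the log above plus three constructed lines that show what a real hijack looks like in the same format. "review" means look at the item, not delete it (in this log the `()` entries and the plain-HTTP Java/Flash installers are legitimate); "suspicious" marks the classic hijack patterns.

```python
"""Triage helper for OTL-style autostart log lines.

Added example, not part of OTL or of the thread above. SAMPLE_LOG is copied
from the posted report; CONSTRUCTED_BAD is made up to show hits.
"""
import re
from dataclasses import dataclass

# Copied from the OTL log posted above (benign machine state).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKCU..\Run: [updateMgr] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# Constructed (NOT from the log): a hosts redirect, a replaced shell and a
# hijacked .exe handler, written in the same OTL format.
CONSTRUCTED_BAD = r"""
O1 - Hosts: 192.0.2.10 www.example.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Documents and Settings\user\Application Data\shell.exe ()
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\user\loader.exe" "%1" %*
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RE_RUN = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*)$")
RE_DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) (\S+) \((.*)\)$")
RE_SHELL = re.compile(r"^O20 - HKLM Winlogon: Shell - \([^)]*\) - (.*?) \([^)]*\)$")
RE_EXEFILE = re.compile(r"^O35 - HKLM\\\.\.exefile \[open\] -- (.*)$")


@dataclass
class Finding:
    section: str
    severity: str   # "review": look at it; "suspicious": classic hijack pattern
    item: str
    reason: str


def triage(log_text):
    """Return the findings for one OTL log (or any subset of its lines)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_HOSTS.match(line):
            ip, host = m.groups()
            if ip not in LOOPBACK:            # blocking lists map to loopback; redirects do not
                findings.append(Finding("O1", "suspicious", f"{ip} {host}",
                                        "hosts entry sends a name to a non-loopback address"))
        elif m := RE_RUN.match(line):
            hive, name, target = m.groups()
            if target == "File not found":
                findings.append(Finding("O4", "review", f"{hive} [{name}]",
                                        "Run value points at a file that no longer exists (orphan)"))
            elif target.endswith("()"):       # OTL prints () when the binary has no company info
                findings.append(Finding("O4", "review", f"{hive} [{name}]",
                                        "autostart binary has no company name in its version info"))
        elif m := RE_DPF.match(line):
            clsid, url, desc = m.groups()
            if url.lower().startswith("http://"):
                findings.append(Finding("O16", "review", clsid,
                                        f"ActiveX control installed from a plain-HTTP URL: {url}"))
            if desc.startswith("Reg Error"):
                findings.append(Finding("O16", "review", clsid,
                                        "DPF entry has a broken registration (stale control)"))
        elif m := RE_SHELL.match(line):
            path = m.group(1)
            if not path.lower().endswith(r"\windows\explorer.exe"):
                findings.append(Finding("O20", "suspicious", path,
                                        "Winlogon Shell is not the stock explorer.exe"))
        elif m := RE_EXEFILE.match(line):
            if m.group(1) != '"%1" %*':       # anything else wraps every .exe launch
                findings.append(Finding("O35", "suspicious", m.group(1),
                                        "exefile open handler has been replaced"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'review': 5, 'suspicious': 0}."""
    counts = {"review": 0, "suspicious": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_BAD):
        print(f"{f.severity:10} {f.section:4} {f.item}: {f.reason}")
```

Run against the posted lines alone the script reports five "review" items and nothing suspicious, which matches the helper's reading of the log: the only real cleanup candidate in this subset is the orphaned `updateMgr` Run value. The regular expressions are tied to OTL's line layout, so other sections (O2 BHOs, O23 services) would need their own rule in the same style.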
     
  12. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Let's get rid of those items (Qoobox and System Volume Information related ones will be deleted in the final stage).


    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.



    Delete these files (if found):
    C:\Documents and Settings\Cameron Callen\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\dvvamwaw.ini
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\gshymhqo.ini
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.bak2
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.ini
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.ini2
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jjkmp.tmp
    C:\Documents and Settings\Scott Callen\Desktop\Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\qargollj.ini
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MJ87CB0L\doc1[1].pdf
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S1OHGXON\banner[1].swf

    Let me know when that's ready.
     
  13. huskydawg2001

    huskydawg2001 Thread Starter

    Joined:
    Oct 16, 2007
    Messages:
    18
    Blade 81,

    Deleted the ten identified hidden/system files per your recommendation.

    What's next?

    Thanks.
     
  14. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    If no other issues left it's time for the final steps.

    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis.



    We need to re-hide system files. To do so, please follow the steps below:
    1. Double-click My Computer.
    2. Click the Tools menu, and then click Folder Options.
    3. Click the View tab.
    4. Put a check by Hide file extensions for known file types.
    5. Under the Hidden files folder, select Show hidden files and folders.
    6. Check Hide protected operating system files.
    7. Click Apply, and then click OK.


    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the Run box and click OK

    • Double-click OTL.exe.
    • Click the CleanUp! button.
    • Select Yes when the
      Begin cleanup Process?
      prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • hosts file:
      • Every version of Windows has a hosts file as part of it.
      • In a very basic sense, it is used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!
      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the Start button (at the lower left hand corner of your screen).
      2. Click Run.
      3. In the dialog box, type services.msc and hit Enter, then locate DNS Client.
      4. Highlight it, then double-click it.
      5. On the dropdown box, change the setting from Automatic to Manual.
      6. Click OK.
    • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update site frequently - it is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade :cool:
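The "Make your Internet Explorer more secure" steps above are a Custom Level walk-through for the Internet zone. Each of those six settings is stored as a DWORD under the Internet zone key in the registry (`HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`), with the value names being IE's documented URL-action codes and the values 0 = Enable, 1 = Prompt, 3 = Disable. The Python script below is an added example, not from the post: it maps the six settings to those value names, reports which entries of a zone snapshot are looser than the recommendation, and writes the `.reg` text that applies it. `CURRENT_EXAMPLE` is a constructed snapshot of a loosened zone, not read from any real machine; `read_current_zone3()` reads the live values only when run on Windows.

```python
"""Registry form of the Internet-zone hardening steps above.

Added example, not from the post. Value names are IE's URL-action codes
for the six settings the post names; CURRENT_EXAMPLE is constructed.
"""
import sys

ZONE3 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3            # the three values IE stores per action
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}

# value name -> (setting as shown in Custom Level, value the post recommends)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed snapshot of a loosened Internet zone (not from a real machine).
CURRENT_EXAMPLE = {"1001": ENABLE, "1004": ENABLE, "1201": DISABLE,
                   "1800": PROMPT, "1804": PROMPT, "1607": ENABLE}


def weaker_than_recommended(current):
    """Return [(value name, setting, current, recommended)] for each action
    that is looser than the recommendation. A value absent from the snapshot
    is treated as Enable (the worst case) so it is always reported."""
    out = []
    for name, (label, want) in RECOMMENDED.items():
        have = current.get(name, ENABLE)
        if STRICTNESS.get(have, 0) < STRICTNESS[want]:
            out.append((name, label, have, want))
    return out


def reg_file(settings=RECOMMENDED):
    """Render a .reg file (importable with regedit) that applies the settings."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3}]"]
    for name, (label, value) in settings.items():
        lines.append(f"; {label}")                  # ';' starts a comment in .reg files
        lines.append(f'"{name}"=dword:{value:08x}')
    return "\r\n".join(lines) + "\r\n"


def read_current_zone3():
    """On Windows, read the live Internet-zone values; elsewhere return None."""
    if sys.platform != "win32":
        return None
    import winreg
    subkey = ZONE3.split("\\", 1)[1]                # strip the HKEY_CURRENT_USER prefix
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
        for name in RECOMMENDED:
            try:
                current[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:           # value not set in this zone
                pass
    return current


if __name__ == "__main__":
    current = read_current_zone3() or CURRENT_EXAMPLE
    for name, label, have, want in weaker_than_recommended(current):
        print(f"{name} {label}: current={have} recommended={want}")
    print(reg_file())
```

Applying the `.reg` output is the scripted equivalent of the six Custom Level changes; the Security tab will then show the Internet zone as "Custom", and the check function gives a quick way to confirm nothing has silently loosened the zone again later.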
     
  15. huskydawg2001

    huskydawg2001 Thread Starter

    Joined:
    Oct 16, 2007
    Messages:
    18
    Blade 81,

    Reset System Restore file, and re-hid system files. Checked for Windows/IE/Office updates and loaded. Set system to update Windows automatically via MS web site. System was unable to locate Combo Fix source file when I tried to uninstall, but successfully ran "Clean Up" on OTL. Followed suggestions for securing IE, and downloaded/installed Hosts file, and used recommended steps for avoiding "slowdown" problems.

    Installed Secunia PSI (Great tool!) and ran scan. It identified five areas of concern--I gathered updates for three applications, and deleted two older "end of life" applications. Secunia indicates I am at 100%.

    System seems to be running well. Less delays, and no recurrence of blue screens or mouse/keyboard shut downs.

    Thank you very much for your diligence in helping me correct these problems. I very much appreciate it.
     
Short URL to this thread: https://techguy.org/974106
