my computer has been acting up for some time im not very good with computers but would like to try to fix it but youll have to take baby steps with me and i appoligize for that but i would greatly appreciate some help. it redirects mcaffee shows my home page as unsafe 50% of the time then windows closes internet explorer for my safty. plus i had tried defragmenting my hard drive but it does not have the required space to defrag but its mostly red.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jayson stephens at 18:42:52 on 2011-09-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.467 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windstream.net/
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100522135039.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10s_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\jayson~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1A2DFF75-2C68-4037-AB4A-0CA2E5B66C11} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
LSA: Notification Packages = :\windows\system3
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-29 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-29 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-10-6 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-29 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-29 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-29 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-29 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-29 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-29 84488]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2009-10-22 75776]
.
=============== Created Last 30 ================
.
2011-09-06 23:56:30 -------- d-----w- c:\documents and settings\jayson stephens\local settings\application data\Google
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 21:05:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:50:06.20 ===============

Hi,

Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.


Post also fresh dds logs contents (attach.txt contents included).

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jayson stephens at 22:51:18 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.445 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\jayson stephens\Desktop\1st.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windstream.net/
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100522135039.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10s_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
StartupFolder: c:\docume~1\jayson~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1A2DFF75-2C68-4037-AB4A-0CA2E5B66C11} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
LSA: Notification Packages = :\windows\system3
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-29 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-29 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-10-6 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-29 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-29 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-29 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-29 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-29 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-29 84488]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2009-10-22 75776]
.
=============== Created Last 30 ================
.
2011-09-06 23:56:30 -------- d-----w- c:\documents and settings\jayson stephens\local settings\application data\Google
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 21:05:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 22:53:00.25 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-01 22:57:10
Windows 5.1.2600 Service Pack 3
Running: 1st.exe; Driver: C:\DOCUME~1\JAYSON~1\LOCALS~1\Temp\kwdiqkog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7257210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7257224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7257250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72572A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF72571FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72571D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72571E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF725723A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF725727C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7257266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF72572D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF72572BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7257290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5BD8360, 0x225D9D, 0xE8000020]
? C:\DOCUME~1\JAYSON~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630071
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F86
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630060
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630F97
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0063002F
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006300B3
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0063008C
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630F35
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006300C4
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630F1A
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630FA8
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630F61
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F50
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00022
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F9B
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00FAC
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C0004E
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00033
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF005A
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FD9
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF002E
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0049
.text C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF001D
.text C:\WINDOWS\system32\svchost.exe[984] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[984] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[984] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00650FCD
.text C:\WINDOWS\system32\svchost.exe[984] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0065001E
.text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640FDB
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630097
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630086
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630075
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630FB6
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0063003D
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F87
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006300CF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630F54
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F65
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630F43
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630058
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006300B2
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F76
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00860080
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00860011
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00860065
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00860FC3
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A6, 88]
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0086004A
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0066004E
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00660033
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00660022
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00660FE3
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50051
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50036
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50F5C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50F79
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50F37
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50089
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50EF0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50F0B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50ED5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50F8A
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50062
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50FAF
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FCA
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50F1C
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80062
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FDE
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80051
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80036
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80025
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70042
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70FB7
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FC8
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B7001D
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FE3
.text C:\WINDOWS\system32\services.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D40FD1
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D400C6
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D400A9
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D4008E
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D40062
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D40F94
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D40FAF
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D40112
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D40F79
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D40123
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D4007D
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D4001B
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D40FC0
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D40051
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D40036
.text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D400F7
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070FBC
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FCD
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070039
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00070FA1
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [27, 88]
.text C:\WINDOWS\system32\services.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070028
.text C:\WINDOWS\system32\services.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0006002E
.text C:\WINDOWS\system32\services.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 0006001D
.text C:\WINDOWS\system32\services.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FC8
.text C:\WINDOWS\system32\services.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FAD
.text C:\WINDOWS\system32\services.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\lsass.exe[1440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\lsass.exe[1440] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C8001E
.text C:\WINDOWS\system32\lsass.exe[1440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C80FDE
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0087
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB006C
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB005B
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00C9
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F77
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F5C
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB00F5
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0110
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB00A2
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00DA
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CB0FA8
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CB0043
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CB0FC3
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CB0FD4
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CB0F7C
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CB0F97
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EB, 88] {JMP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\lsass.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CB0014
.text C:\WINDOWS\system32\lsass.exe[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0FB9
.text C:\WINDOWS\system32\lsass.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0044
.text C:\WINDOWS\system32\lsass.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\lsass.exe[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\lsass.exe[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0033
.text C:\WINDOWS\system32\lsass.exe[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0018
.text C:\WINDOWS\system32\lsass.exe[1440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B30096
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B30FA1
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B30FB2
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B30FD4
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B300CE
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B30F86
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B30F61
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B300F0
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B30F50
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30065
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B300A7
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B30036
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B30025
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B300DF
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FC0
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70062
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70011
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70051
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B70FA5
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D7, 88]
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7002C
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F97
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FB2
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60011
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60022
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60FE3
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD007D
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD006C
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0F9E
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0FB9
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F52
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F6D
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F26
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F37
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0F15
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD001B
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD008E
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD00B5
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D1005B
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D10025
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10F9E
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00FAB
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00011
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FC6
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FE5
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009C0FCD
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009B006E
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009B0F83
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009B005D
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009B0040
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009B0F9E
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009B00AB
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009B009A
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009B0F1C
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009B0F37
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009B00D0
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009B0025
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009B007F
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009B0000
.text C:\WINDOWS\System32\svchost.exe[1700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009B0F48
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02910011
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02910F65
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02910000
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02910FD4
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0291002C
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02910FE5
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02910F8A
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B1, 8A] {MOV CL, 0x8a}
.text C:\WINDOWS\System32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02910FA5
.text C:\WINDOWS\System32\svchost.exe[1700] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02900F84
.text C:\WINDOWS\System32\svchost.exe[1700] msvcrt.dll!system 77C293C7 5 Bytes JMP 02900F95
.text C:\WINDOWS\System32\svchost.exe[1700] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02900FC1
.text C:\WINDOWS\System32\svchost.exe[1700] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02900FEF
.text C:\WINDOWS\System32\svchost.exe[1700] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02900FB0
.text C:\WINDOWS\System32\svchost.exe[1700] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02900FDE
.text C:\WINDOWS\System32\svchost.exe[1700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\System32\svchost.exe[1700] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\System32\svchost.exe[1700] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\System32\svchost.exe[1700] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009D0014
.text C:\WINDOWS\System32\svchost.exe[1700] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009D002F
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0092008C
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00920071
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00920060
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00920043
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00920FB2
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009200D3
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009200C2
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00920F4E
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00920F5F
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00920F3D
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00920FA1
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00920FDE
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!

CreatePipe 7C81D83F 5 Bytes JMP 009200A7
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00920FCD
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0092001E
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00920F70
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00960047
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00960FB9
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0096002C
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00960011
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00960FCA
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00960000
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0096006C
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00960FDB
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00950053
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00950FC8
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00950FD9
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0095002E
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0095001D
.text C:\WINDOWS\system32\svchost.exe[1816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00940FE5
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F70011
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F6009A
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60FA5
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F6007F
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FB6
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60FD1
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F600C1
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60F79
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600F4
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F600E3
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F40
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60058
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60011
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60F8A
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60033
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60022
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F600D2
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F5001B
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50FA5
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50FDE
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50058
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F50047
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F5002C
.text C:\WINDOWS\system32\svchost.exe[1860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F90FB7
.text C:\WINDOWS\system32\svchost.exe[1860] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F90038
.text C:\WINDOWS\system32\svchost.exe[1860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F9001D
.text C:\WINDOWS\system32\svchost.exe[1860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F90FC8
.text C:\WINDOWS\system32\svchost.exe[1860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F90FE3
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009F0FDE
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006C0098
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006C0087
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C0076
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006C0065
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006C0FD4
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006C0F77
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006C00B3
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C0F4B
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C0F5C
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006C00FF
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006C0FC3
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006C0F88
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006C0036
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006C0025
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006C00DA
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A20051
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A20FDB
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A20F94
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C2, 88]
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A20FA5
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10F8B
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10016
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FC1
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FB0
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10FD2
.text C:\WINDOWS\system32\svchost.exe[1884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B8006D
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80052
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80F78
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80F89
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FAB
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B800A3
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F5D
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F2F
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F40
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80F1E
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80F9A
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FDE
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B8007E
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80FBC
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80FCD
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B800BE
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FD4
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70F94
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70025
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B70051
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70040
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0033
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0022
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0FB2
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270075
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F80
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027005A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0027003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0027009C
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F54
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F39
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F14
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270022
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F65
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700C1
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036004A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370031
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370020
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009F0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009F0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009F001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009F0036
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\System32\svchost.exe[3012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\System32\svchost.exe[3012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F90FAF
.text C:\WINDOWS\System32\svchost.exe[3012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F92
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80087
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80FA3
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F8006C
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80098
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F5C
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F800CE
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F2B
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800DF
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80051
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F8001B
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F77
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80FDB
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F8002C
.text C:\WINDOWS\System32\svchost.exe[3012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F800A9
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F7001B
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F70FAF
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F70051
.text C:\WINDOWS\System32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F70036
.text C:\WINDOWS\System32\svchost.exe[3012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C003D
.text C:\WINDOWS\System32\svchost.exe[3012] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C002C
.text C:\WINDOWS\System32\svchost.exe[3012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0000
.text C:\WINDOWS\System32\svchost.exe[3012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[3012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0011
.text C:\WINDOWS\System32\svchost.exe[3012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FD2
.text C:\WINDOWS\System32\svchost.exe[3012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0000
.text C:\WINDOWS\Explorer.EXE[3252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\Explorer.EXE[3252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FD4
.text C:\WINDOWS\Explorer.EXE[3252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F63
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F7E
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0058
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0047
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B001B
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0090
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B007F
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00B5
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F1C
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F01
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0036
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F52
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\Explorer.EXE[3252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F2D
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0040
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0025
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FD4
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\Explorer.EXE[3252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A005B
.text C:\WINDOWS\Explorer.EXE[3252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B005D
.text C:\WINDOWS\Explorer.EXE[3252] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0042
.text C:\WINDOWS\Explorer.EXE[3252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0016
.text C:\WINDOWS\Explorer.EXE[3252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FE3
.text C:\WINDOWS\Explorer.EXE[3252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0027
.text C:\WINDOWS\Explorer.EXE[3252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FD2
.text C:\WINDOWS\Explorer.EXE[3252] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 002D000A
.text C:\WINDOWS\Explorer.EXE[3252] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 002D001B
.text C:\WINDOWS\Explorer.EXE[3252] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 002D0FDB
.text C:\WINDOWS\Explorer.EXE[3252] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 002D002C
.text C:\WINDOWS\Explorer.EXE[3252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01AF0000
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270089
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270078
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027005D
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F94
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027002C
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F52
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F6D
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700BF
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F26
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700DA
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027009A
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F41
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036002F
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360040
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 05330B00 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 05330E60 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 05330D70 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 05330C80 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 05330FE0 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0532FDE0 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 053310C0 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0532FF40 C:\Documents and Settings\jayson stephens\Local Settings\Application Data\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037005F
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370029
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02F744F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02F743D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02F74690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02F74790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01190FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01190FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01190FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0119001E
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02950FE5
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[9280] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[928] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[928] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5276] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a17afe
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a17afe@0023f1dd272d 0x7D 0xCA 0xA3 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a17afe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a17afe@0023f1dd272d 0x7D 0xCA 0xA3 0x83 ...

---- EOF - GMER 1.0.15 ----

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

ComboFix 11-10-04.04 - jayson stephens 10/05/2011 0:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.447 [GMT -5:00]
Running from: c:\documents and settings\jayson stephens\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\System Recovery
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\PC Recovery Disc Creator.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\PC Recovery.lnk
c:\program files\Internet Explorer\SET14B0.tmp
c:\windows\explorer(2).exe
c:\windows\kb913800.exe
c:\windows\system32\_003188_.tmp.dll
c:\windows\system32\_003189_.tmp.dll
c:\windows\system32\_003190_.tmp.dll
c:\windows\system32\_003191_.tmp.dll
c:\windows\system32\_003198_.tmp.dll
c:\windows\system32\_003199_.tmp.dll
c:\windows\system32\_003200_.tmp.dll
c:\windows\system32\_003201_.tmp.dll
c:\windows\system32\_003203_.tmp.dll
c:\windows\system32\_003204_.tmp.dll
c:\windows\system32\_003207_.tmp.dll
c:\windows\system32\_003208_.tmp.dll
c:\windows\system32\_003210_.tmp.dll
c:\windows\system32\_003211_.tmp.dll
c:\windows\system32\_003212_.tmp.dll
c:\windows\system32\_003214_.tmp.dll
c:\windows\system32\_003217_.tmp.dll
c:\windows\system32\_003218_.tmp.dll
c:\windows\system32\_003222_.tmp.dll
c:\windows\system32\_003223_.tmp.dll
c:\windows\system32\_003225_.tmp.dll
c:\windows\system32\_003228_.tmp.dll
c:\windows\system32\_003230_.tmp.dll
c:\windows\system32\_003231_.tmp.dll
c:\windows\system32\_003232_.tmp.dll
c:\windows\system32\_003233_.tmp.dll
c:\windows\system32\_003234_.tmp.dll
c:\windows\system32\_003237_.tmp.dll
c:\windows\system32\_003238_.tmp.dll
c:\windows\system32\_003239_.tmp.dll
c:\windows\system32\_003240_.tmp.dll
c:\windows\system32\_003241_.tmp.dll
c:\windows\system32\_003246_.tmp.dll
c:\windows\system32\_003248_.tmp.dll
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\usp10(3).dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-09-21 23:34 . 2011-09-21 23:37 -------- d-----w- c:\program files\ERUNT
2011-09-06 23:56 . 2011-09-07 00:00 -------- d-----w- c:\documents and settings\jayson stephens\Local Settings\Application Data\Google
2011-09-06 23:56 . 2011-09-06 23:59 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2006-03-16 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 21:05 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:29 . 2006-01-01 10:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-01-01 10:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 21:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-16 273528]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\jayson stephens\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/29/2010 10:14 AM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/6/2010 4:38 PM 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2010 10:13 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2010 10:13 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/29/2010 10:14 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/29/2010 10:14 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/29/2010 10:14 AM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/29/2010 10:14 AM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/29/2010 10:14 AM 88736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2011 6:56 PM 136176]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2011 6:56 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/29/2010 10:14 AM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/29/2010 10:14 AM 84488]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [10/22/2009 9:53 PM 75776]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-06 23:56]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-06 23:56]
.
2011-10-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199982171-424472609-418579473-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
.
2011-10-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199982171-424472609-418579473-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
.
2011-10-05 c:\windows\Tasks\User_Feed_Synchronization-{424B0DC9-6AFA-41ED-86F0-07097089FB4D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2011-10-05 c:\windows\Tasks\User_Feed_Synchronization-{BAED95B3-F644-4027-A7B1-D2B63A92138E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windstream.net/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.254.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 00:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????[??????Y?@?????<?@
.
scanning hidden files ...
.
.
c:\docume~1\JAYSON~1\LOCALS~1\Temp\RedboxLog.txt 2878 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1112)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-10-05 00:56:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 05:56
.
Pre-Run: 65,877,520,384 bytes free
Post-Run: 66,219,466,752 bytes free
.
- - End Of File - - F05E2BDAB2076F08D3745260945FC8FA

wile running combo-fix a window poped up saying PEV.EXE has encountered a problem and needs to close sorry for the inconveinence. It had the options to send report or not i ignored it and didn't press anything. eventually went away when combofix was done.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jayson stephens at 1:07:12 on 2011-10-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.569 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windstream.net/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100522135039.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10s_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
StartupFolder: c:\docume~1\jayson~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1A2DFF75-2C68-4037-AB4A-0CA2E5B66C11} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-29 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-29 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-10-6 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-29 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-29 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-29 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-29 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-29 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-29 84488]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2009-10-22 75776]
.
=============== Created Last 30 ================
.
2011-10-05 17:19:23 98816 ----a-w- c:\windows\sed.exe
2011-10-05 17:19:23 518144 ----a-w- c:\windows\SWREG.exe
2011-10-05 17:19:23 256000 ----a-w- c:\windows\PEV.exe
2011-10-05 17:19:23 208896 ----a-w- c:\windows\MBR.exe
2011-10-05 05:22:51 -------- d-sha-r- C:\cmdcons
2011-09-06 23:56:30 -------- d-----w- c:\documents and settings\jayson stephens\local settings\application data\Google
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 21:05:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 1:07:46.82 ===============

should i delete combo fix, and is it ok to turn on my security back on after running combo fix.

i appreciate you helping me. do you need the other dds log it says only send if asked

Hi,


should i delete combo fix, and is it ok to turn on my security back on after running combo fix.
Don't delete ComboFix. We'll took care of that later. You may have security enabled while not running any tools I ask you to run.

Please post attach.txt contents too.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2009 12:49:48 AM
System Uptime: 10/5/2011 12:49:51 AM (1 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 81 GiB total, 61.695 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 1.233 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 7/31/2011 1:36:34 AM - Software Distribution Service 3.0
RP25: 1/1/2006 4:00:29 AM - System Checkpoint
RP26: 8/14/2011 7:16:04 PM - System Checkpoint
RP27: 8/15/2011 3:00:32 AM - Software Distribution Service 3.0
RP28: 8/16/2011 3:23:08 AM - System Checkpoint
RP29: 8/17/2011 4:01:58 AM - System Checkpoint
RP30: 8/19/2011 4:14:19 AM - System Checkpoint
RP31: 8/20/2011 1:33:44 PM - System Checkpoint
RP32: 8/21/2011 1:44:18 PM - System Checkpoint
RP33: 8/22/2011 3:00:20 AM - Software Distribution Service 3.0
RP34: 8/23/2011 3:15:14 PM - System Checkpoint
RP35: 8/24/2011 3:39:18 PM - System Checkpoint
RP36: 8/25/2011 5:27:13 PM - System Checkpoint
RP37: 8/27/2011 1:29:01 PM - System Checkpoint
RP38: 8/28/2011 5:48:16 PM - System Checkpoint
RP39: 8/29/2011 7:18:01 PM - System Checkpoint
RP40: 8/30/2011 7:50:20 PM - System Checkpoint
RP41: 8/31/2011 8:49:51 PM - System Checkpoint
RP42: 9/1/2011 9:14:24 PM - System Checkpoint
RP43: 9/2/2011 9:59:41 PM - System Checkpoint
RP44: 9/3/2011 10:44:07 PM - System Checkpoint
RP45: 9/4/2011 11:54:32 PM - System Checkpoint
RP46: 9/5/2011 1:00:34 PM - Software Distribution Service 3.0
RP47: 9/6/2011 4:07:38 PM - System Checkpoint
RP48: 9/7/2011 4:22:53 PM - System Checkpoint
RP49: 9/10/2011 2:36:48 PM - System Checkpoint
RP50: 9/11/2011 2:43:56 PM - System Checkpoint
RP51: 9/12/2011 5:17:03 PM - System Checkpoint
RP52: 9/13/2011 3:01:24 AM - Software Distribution Service 3.0
RP53: 9/14/2011 11:52:20 PM - System Checkpoint
RP54: 9/17/2011 1:28:15 PM - System Checkpoint
RP55: 9/18/2011 1:54:00 PM - System Checkpoint
RP56: 9/19/2011 1:54:28 PM - System Checkpoint
RP57: 9/20/2011 1:59:16 PM - System Checkpoint
RP58: 9/21/2011 2:47:16 PM - System Checkpoint
RP59: 9/21/2011 4:24:52 PM - Software Distribution Service 3.0
RP60: 9/22/2011 4:39:39 PM - System Checkpoint
RP61: 9/23/2011 4:51:30 PM - System Checkpoint
RP62: 9/24/2011 5:47:15 PM - System Checkpoint
RP63: 9/25/2011 7:33:19 PM - System Checkpoint
RP64: 9/26/2011 7:47:14 PM - System Checkpoint
RP65: 9/27/2011 3:00:16 AM - Software Distribution Service 3.0
RP66: 9/28/2011 3:47:10 AM - System Checkpoint
RP67: 9/29/2011 4:53:45 AM - System Checkpoint
RP68: 9/30/2011 5:47:11 AM - System Checkpoint
RP69: 10/1/2011 6:47:12 AM - System Checkpoint
RP70: 10/2/2011 7:47:15 AM - System Checkpoint
RP71: 10/5/2011 12:19:37 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
AutoUpdate
BufferChm
CCleaner
Conexant HD Audio
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Destinations
DeviceDiscovery
DeviceManagementQFolder
DivX
DJ_AIO_06_F2400_SW_Min
Easy Internet Sign-up
ERUNT 1.1j
ESPNMotion
F2400
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
Google Earth
Google Update Helper
GPBaseService2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart Premier Software 6.0
HP Print Projects 1.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HP User Guides 0031
HP Wireless Assistant 2.00 G2
hpPrintProjects
HPProductAssistant
HpSdpAppCoreApp
hpWLPGInstaller
InstantShareDevices
J2SE Runtime Environment 5.0 Update 6
Junk Mail filter update
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
MarketResearch
McAfee Internet Security
McAfee Virtual Technician
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
muvee autoProducer 5.0
MyPublisher
NetWaiting
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OptionalContentQFolder
Otto
PhotoGallery
RandMap
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Status
Swag Bucks Toolbar
Synaptics Pointing Device Driver
Toolbox
TourSetup
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vongo
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Media Connect
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Home Network Setup
.
==== Event Viewer Messages From Past Week ========
.
9/29/2011 1:48:02 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +158043 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.250.85:123) is working properly.
10/5/2011 12:29:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/3/2011 4:11:10 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
10/2/2011 6:26:49 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +158051 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->64.4.21.156:123) is working properly.
10/1/2011 3:22:40 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +158049 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->64.4.31.162:123) is working properly.
10/1/2011 3:07:39 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

ComboFix 11-10-04.04 - jayson stephens 10/06/2011 21:34:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.253 [GMT -5:00]
Running from: c:\documents and settings\jayson stephens\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jayson stephens\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))
.
.
2011-09-21 23:34 . 2011-09-21 23:37 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2006-03-16 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 21:05 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:29 . 2006-01-01 10:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-05_05.50.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-06 11:05 . 2011-10-06 11:05 16384 c:\windows\temp\Perflib_Perfdata_b2c.dat
+ 2006-06-29 18:27 . 2011-10-05 05:55 58430 c:\windows\system32\perfc009.dat
- 2006-06-29 18:27 . 2011-10-05 05:33 58430 c:\windows\system32\perfc009.dat
+ 2006-06-29 18:27 . 2011-10-05 05:55 395900 c:\windows\system32\perfh009.dat
- 2006-06-29 18:27 . 2011-10-05 05:33 395900 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 21:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-16 273528]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\jayson stephens\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/29/2010 10:14 AM 84200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2010 10:13 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2010 10:13 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/29/2010 10:14 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/29/2010 10:14 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/29/2010 10:14 AM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/29/2010 10:14 AM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/29/2010 10:14 AM 88736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2011 6:56 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/6/2010 4:38 PM 94880]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2011 6:56 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/29/2010 10:14 AM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/29/2010 10:14 AM 84488]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [10/22/2009 9:53 PM 75776]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-06 23:56]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-06 23:56]
.
2011-10-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199982171-424472609-418579473-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
.
2011-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199982171-424472609-418579473-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
.
2011-10-07 c:\windows\Tasks\User_Feed_Synchronization-{424B0DC9-6AFA-41ED-86F0-07097089FB4D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2011-10-07 c:\windows\Tasks\User_Feed_Synchronization-{BAED95B3-F644-4027-A7B1-D2B63A92138E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windstream.net/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 21:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????[??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5308)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-06 21:53:50
ComboFix-quarantined-files.txt 2011-10-07 02:53
ComboFix2.txt 2011-10-05 05:56
.
Pre-Run: 66,181,152,768 bytes free
Post-Run: 66,167,009,280 bytes free
.
- - End Of File - - 1AC30894287B664E89B11201334C3C9A

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jayson stephens at 22:10:08 on 2011-10-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.354 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windstream.net/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100522135039.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
StartupFolder: c:\docume~1\jayson~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1A2DFF75-2C68-4037-AB4A-0CA2E5B66C11} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-29 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-29 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-10-6 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-29 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-29 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-29 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-29 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-29 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-29 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-6 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-29 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-29 84488]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2009-10-22 75776]
.
=============== Created Last 30 ================
.
2011-10-05 17:19:23 98816 ----a-w- c:\windows\sed.exe
2011-10-05 17:19:23 518144 ----a-w- c:\windows\SWREG.exe
2011-10-05 17:19:23 256000 ----a-w- c:\windows\PEV.exe
2011-10-05 17:19:23 208896 ----a-w- c:\windows\MBR.exe
2011-10-05 05:22:51 -------- d-sha-r- C:\cmdcons
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 21:05:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 22:11:23.73 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2009 12:49:48 AM
System Uptime: 10/5/2011 12:49:54 AM (46 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 81 GiB total, 61.647 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 1.233 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 7/31/2011 1:36:34 AM - Software Distribution Service 3.0
RP25: 1/1/2006 4:00:29 AM - System Checkpoint
RP26: 8/14/2011 7:16:04 PM - System Checkpoint
RP27: 8/15/2011 3:00:32 AM - Software Distribution Service 3.0
RP28: 8/16/2011 3:23:08 AM - System Checkpoint
RP29: 8/17/2011 4:01:58 AM - System Checkpoint
RP30: 8/19/2011 4:14:19 AM - System Checkpoint
RP31: 8/20/2011 1:33:44 PM - System Checkpoint
RP32: 8/21/2011 1:44:18 PM - System Checkpoint
RP33: 8/22/2011 3:00:20 AM - Software Distribution Service 3.0
RP34: 8/23/2011 3:15:14 PM - System Checkpoint
RP35: 8/24/2011 3:39:18 PM - System Checkpoint
RP36: 8/25/2011 5:27:13 PM - System Checkpoint
RP37: 8/27/2011 1:29:01 PM - System Checkpoint
RP38: 8/28/2011 5:48:16 PM - System Checkpoint
RP39: 8/29/2011 7:18:01 PM - System Checkpoint
RP40: 8/30/2011 7:50:20 PM - System Checkpoint
RP41: 8/31/2011 8:49:51 PM - System Checkpoint
RP42: 9/1/2011 9:14:24 PM - System Checkpoint
RP43: 9/2/2011 9:59:41 PM - System Checkpoint
RP44: 9/3/2011 10:44:07 PM - System Checkpoint
RP45: 9/4/2011 11:54:32 PM - System Checkpoint
RP46: 9/5/2011 1:00:34 PM - Software Distribution Service 3.0
RP47: 9/6/2011 4:07:38 PM - System Checkpoint
RP48: 9/7/2011 4:22:53 PM - System Checkpoint
RP49: 9/10/2011 2:36:48 PM - System Checkpoint
RP50: 9/11/2011 2:43:56 PM - System Checkpoint
RP51: 9/12/2011 5:17:03 PM - System Checkpoint
RP52: 9/13/2011 3:01:24 AM - Software Distribution Service 3.0
RP53: 9/14/2011 11:52:20 PM - System Checkpoint
RP54: 9/17/2011 1:28:15 PM - System Checkpoint
RP55: 9/18/2011 1:54:00 PM - System Checkpoint
RP56: 9/19/2011 1:54:28 PM - System Checkpoint
RP57: 9/20/2011 1:59:16 PM - System Checkpoint
RP58: 9/21/2011 2:47:16 PM - System Checkpoint
RP59: 9/21/2011 4:24:52 PM - Software Distribution Service 3.0
RP60: 9/22/2011 4:39:39 PM - System Checkpoint
RP61: 9/23/2011 4:51:30 PM - System Checkpoint
RP62: 9/24/2011 5:47:15 PM - System Checkpoint
RP63: 9/25/2011 7:33:19 PM - System Checkpoint
RP64: 9/26/2011 7:47:14 PM - System Checkpoint
RP65: 9/27/2011 3:00:16 AM - Software Distribution Service 3.0
RP66: 9/28/2011 3:47:10 AM - System Checkpoint
RP67: 9/29/2011 4:53:45 AM - System Checkpoint
RP68: 9/30/2011 5:47:11 AM - System Checkpoint
RP69: 10/1/2011 6:47:12 AM - System Checkpoint
RP70: 10/2/2011 7:47:15 AM - System Checkpoint
RP71: 10/5/2011 12:19:37 PM - ComboFix created restore point
RP72: 10/5/2011 1:43:17 AM - System Checkpoint
RP73: 10/6/2011 1:54:20 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
AutoUpdate
BufferChm
CCleaner
Conexant HD Audio
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Destinations
DeviceDiscovery
DeviceManagementQFolder
DivX
DJ_AIO_06_F2400_SW_Min
Easy Internet Sign-up
ERUNT 1.1j
ESPNMotion
F2400
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
Google Earth
Google Update Helper
GPBaseService2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart Premier Software 6.0
HP Print Projects 1.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HP User Guides 0031
HP Wireless Assistant 2.00 G2
hpPrintProjects
HPProductAssistant
HpSdpAppCoreApp
hpWLPGInstaller
InstantShareDevices
J2SE Runtime Environment 5.0 Update 6
Junk Mail filter update
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
MarketResearch
McAfee Internet Security
McAfee Virtual Technician
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
muvee autoProducer 5.0
MyPublisher
NetWaiting
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OptionalContentQFolder
Otto
PhotoGallery
RandMap
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Status
Swag Bucks Toolbar
Synaptics Pointing Device Driver
Toolbox
TourSetup
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vongo
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Media Connect
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Home Network Setup
.
==== Event Viewer Messages From Past Week ========
.
9/29/2011 1:48:02 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +158043 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.250.85:123) is working properly.
10/5/2011 12:29:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/3/2011 4:11:10 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
10/2/2011 6:26:49 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +158051 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->64.4.21.156:123) is working properly.
10/1/2011 3:22:40 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +158049 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->64.4.31.162:123) is working properly.
10/1/2011 3:07:39 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

no report, said no threats found.

i posted these reports before i deleted old java and old flash player do you need me to do them again.

i posted these reports before i deleted old java and old flash player do you need me to do them again.
No need to post those again but did you replace old Adobe Reader too? How's the system running?

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.