When I do a Google search and click on a resulting link I frequently get redirected to another unrelated site (usually with a URL beginning 'adwords.onlinesecuregroup.com') or an unfamiliar search engine. It does not happen every time and I can get round it by cutting and pasting the search results instead of clicking the links. My computer is also going extremely slowly, mostly when using my browser but also with pretty much everything else too. I am using Internet Explorer as my only browser.
I have read your malware cleaning guide and have taken the following steps so far:
1. Full scan with my McAfee virus scan (nothing found).
2. Downloaded and run Hitman Pro (nothing found).
3. Backed up my registry with ERUNT.
4. Downloaded and run SysRestorePoint.
5. Downloaded and run TFC.
6. Downloaded and run GooRedFix.
7. Downloaded and run TDSSKiller.
8. Run MBAM quick scan (found and removed ten 'infected items' but computer symptoms remain the same - log pasted below).
9. Run GMER (log pasted below).
10. Run OTL (logs pasted below).
I would be really grateful for any help, as I have been struggling with this for a month or more. Thanks.
*****************************
MBAM log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4113
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18/05/2010 21:46:11
mbam-log-2010-05-18 (21-46-11).txt
Scan type: Quick scan
Objects scanned: 133735
Time elapsed: 9 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\down\26228765.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
****************************
GMER log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-18 23:09:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MEGANB~1\LOCALS~1\Temp\uxrdapow.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF85C4DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF85C4DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF85C4DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF85C4E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF85C4D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF85C4D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF85C4D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF85C4DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF85C4E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF85C4E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF85C4E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF85C4E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF85C4E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP F85C4E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP F85C4DA0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP F85C4DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP F85C4D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP F85C4E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP F85C4E60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP F85C4E4A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP F85C4E74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP F85C4D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP F85C4DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP F85C4DC8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetSecurityObject 8059B1F3 5 Bytes JMP F85C4E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP F85C4DDE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? ioaqaco.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8A53760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF789FF80]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02F70062
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02F70011
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02F70FE5
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02F70FA5
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02F70000
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02F70047
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02F7002C
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02EA0F97
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 02EA0FA8
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02EA0011
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02EA0000
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02EA0022
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02EA0FE3
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E90000
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02E80FEF
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02E80FD4
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02E8000A
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02E80025
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B00FE5
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B00011
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AF0FE5
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AF0073
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AF0F7E
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AF0058
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AF0F9B
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AF003D
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AF0F35
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AF0F5C
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AF0F09
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AF00A2
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AF00BD
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AF0FC0
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AF0F6D
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AF002C
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AF0011
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AF0F24
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AE0FDB
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AE0F9E
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AE002C
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AE0011
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AE005B
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AE0FB9
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CE, 88]
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AE0FCA
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AD004C
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AD0FB7
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AD0027
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AD0FD2
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AD000C
.text C:\WINDOWS\system32\svchost.exe[1484] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AB001B
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AB0036
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00AB0FE5
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1512] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DC2862
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1512] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DC26EE
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1512] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC27E0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1512] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DC2726
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1512] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DC275E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1516] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E42862
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1516] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E426EE
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1516] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E427E0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1516] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E42726
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1516] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E4275E
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B9006F
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90054
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90F86
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90043
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F38
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90080
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900BD
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900AC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90F09
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F97
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F5F
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B9009B
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80087
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80025
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B8006C
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B8005B
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80040
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FB4
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70FCF
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B7002E
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70049
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B7001D
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FD0025
.text C:\WINDOWS\system32\hkcmd.exe[1544] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D92862
.text C:\WINDOWS\system32\hkcmd.exe[1544] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D926EE
.text C:\WINDOWS\system32\hkcmd.exe[1544] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D927E0
.text C:\WINDOWS\system32\hkcmd.exe[1544] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D92726
.text C:\WINDOWS\system32\hkcmd.exe[1544] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D9275E
.text C:\WINDOWS\system32\igfxpers.exe[1572] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D82862
.text C:\WINDOWS\system32\igfxpers.exe[1572] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D826EE
.text C:\WINDOWS\system32\igfxpers.exe[1572] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D827E0
.text C:\WINDOWS\system32\igfxpers.exe[1572] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D82726
.text C:\WINDOWS\system32\igfxpers.exe[1572] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D8275E
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01022862
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010226EE
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010227E0
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01022726
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0102275E
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1740] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010A2862
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1740] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010A26EE
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1740] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010A27E0
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1740] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010A2726
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1740] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010A275E
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1964] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EB2862
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EB26EE
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1964] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EB27E0
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EB2726
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1964] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EB275E
.text C:\WINDOWS\System32\svchost.exe[2248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\System32\svchost.exe[2248] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FCD
.text C:\WINDOWS\System32\svchost.exe[2248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FDE
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F52
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0047
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0036
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F83
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B007D
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F35
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F13
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00AC
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00BD
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F94
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B006C
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F24
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A004A
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0080
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0025
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0FC3
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A000A
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FDE
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A005B
.text C:\WINDOWS\System32\svchost.exe[2248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0F88
.text C:\WINDOWS\System32\svchost.exe[2248] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0FAD
.text C:\WINDOWS\System32\svchost.exe[2248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F0FD2
.text C:\WINDOWS\System32\svchost.exe[2248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0000
.text C:\WINDOWS\System32\svchost.exe[2248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F001D
.text C:\WINDOWS\System32\svchost.exe[2248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0FE3
.text C:\WINDOWS\System32\svchost.exe[2248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\System32\svchost.exe[2248] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01110000
.text C:\WINDOWS\System32\svchost.exe[2248] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01110FDB
.text C:\WINDOWS\System32\svchost.exe[2248] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01110FCA
.text C:\WINDOWS\System32\svchost.exe[2248] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01110FAF
.text C:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F1001B
.text C:\WINDOWS\system32\svchost.exe[2284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F6F
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00064
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F8A
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FA5
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FC7
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F52
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F0009A
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000D7
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F000C6
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F000F2
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00FB6
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F0007F
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F0003D
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F0002C
.text C:\WINDOWS\system32\svchost.exe[2284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000B5
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF002C
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF006C
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0FAF
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0FC0
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text C:\WINDOWS\system32\svchost.exe[2284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0047
.text C:\WINDOWS\system32\svchost.exe[2284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0056
.text C:\WINDOWS\system32\svchost.exe[2284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FC1
.text C:\WINDOWS\system32\svchost.exe[2284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FD2
.text C:\WINDOWS\system32\svchost.exe[2284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\svchost.exe[2284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0027
.text C:\WINDOWS\system32\svchost.exe[2284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE000C
.text C:\WINDOWS\system32\svchost.exe[2284] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\svchost.exe[2284] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[2284] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\svchost.exe[2284] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00EC002C
.text C:\WINDOWS\system32\svchost.exe[2284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\wdfmgr.exe[2396] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00862862
.text C:\WINDOWS\system32\wdfmgr.exe[2396] WS2_32.dll!send 71AB4C27 5 Bytes JMP 008626EE
.text C:\WINDOWS\system32\wdfmgr.exe[2396] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008627E0
.text C:\WINDOWS\system32\wdfmgr.exe[2396] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00862726
.text C:\WINDOWS\system32\wdfmgr.exe[2396] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0086275E
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2924] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BE2862
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2924] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BE26EE
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2924] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BE27E0
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2924] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BE2726
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2924] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BE275E
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3024] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01682862
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016826EE
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3024] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 016827E0
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01682726
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3024] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0168275E
.text C:\WINDOWS\system32\wuauclt.exe[3324] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0009000A
.text C:\WINDOWS\system32\wuauclt.exe[3324] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FCA
.text C:\WINDOWS\system32\wuauclt.exe[3324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F94
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0093
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0076
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F5C
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C00A4
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C0F30
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C00C9
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C0F1F
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C005B
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0F79
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C0036
.text C:\WINDOWS\system32\wuauclt.exe[3324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C0F4B
.text C:\WINDOWS\system32\wuauclt.exe[3324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0F9E
.text C:\WINDOWS\system32\wuauclt.exe[3324] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0029
.text C:\WINDOWS\system32\wuauclt.exe[3324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[3324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0018
.text C:\WINDOWS\system32\wuauclt.exe[3324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0040
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0025
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0014
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002C005B
.text C:\WINDOWS\system32\wuauclt.exe[3324] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3324] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01040000
.text C:\WINDOWS\system32\wuauclt.exe[3324] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0104001B
.text C:\WINDOWS\system32\wuauclt.exe[3324] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01040FE5
.text C:\WINDOWS\system32\wuauclt.exe[3324] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01040FCA
.text C:\WINDOWS\system32\wuauclt.exe[3324] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01022862
.text C:\WINDOWS\system32\wuauclt.exe[3324] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011C0000
.text C:\WINDOWS\system32\wuauclt.exe[3324] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010226EE
.text C:\WINDOWS\system32\wuauclt.exe[3324] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010227E0
.text C:\WINDOWS\system32\wuauclt.exe[3324] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01022726
.text C:\WINDOWS\system32\wuauclt.exe[3324] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0102275E
.text C:\Program Files\iPod\bin\iPodService.exe[3916] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B92862
.text C:\Program Files\iPod\bin\iPodService.exe[3916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B926EE
.text C:\Program Files\iPod\bin\iPodService.exe[3916] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B927E0
.text C:\Program Files\iPod\bin\iPodService.exe[3916] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B92726
.text C:\Program Files\iPod\bin\iPodService.exe[3916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9275E
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 8275C1A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8275C1A0
Device \Driver\atapi \Device\Ide\IdePort1 8275C1A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8275C1A0
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
**********************
OTL logs
OTL logfile created on: 18/05/2010 23:19:58 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\megan bydder\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
510.00 Mb Total Physical Memory | 171.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 44.81 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 892.39 Gb Free Space | 95.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UPSTAIRS
Current User Name: megan bydder
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/18 23:18:45 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\megan bydder\Desktop\OTL.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/08/22 00:56:48 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 03:07:31 | 000,491,520 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX4500W\Scan2Pc.exe
PRC - [2007/06/13 10:15:14 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/04 02:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
========== Modules (SafeList) ==========
MOD - [2010/05/18 23:18:45 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\megan bydder\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
SRV - File not found [Auto | Stopped] -- -- (0069801274185323mcinstcleanup) McAfee Application Installer Cleanup (0069801274185323)
SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Driver Services (SafeList) ==========
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/21 09:45:39 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/10/28 06:32:12 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2001/11/25 03:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB0115.SYS -- (FINEPIX_PCC)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 20:10:48 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518132040.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [4500w Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX4500W\Scan2Pc.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} http://apps.corel.co...PluginNOSSO.ocx (get_atlcom Class)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A19F0E9E-D4C2-4A96-8EA7-0F64A9B2643F} http://www.pi.nhs.uk...leCalc515uk.cab (CentileCalc515UK.Calc)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} https://www.tescopho...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\megan bydder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\megan bydder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98dd1a18-a1fe-11dd-8fd4-0013200fbfa6}\Shell - "" = AutoRun
O33 - MountPoints2\{98dd1a18-a1fe-11dd-8fd4-0013200fbfa6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98dd1a18-a1fe-11dd-8fd4-0013200fbfa6}\Shell\AutoRun\command - "" = F:\DTSP_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/18 23:18:41 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\megan bydder\Desktop\OTL.exe
[2010/05/18 21:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\megan bydder\Application Data\Malwarebytes
[2010/05/18 21:35:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 21:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/18 21:35:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 21:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 16:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\megan bydder\Desktop\tdsskiller
[2010/05/18 16:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\megan bydder\Desktop\GooredFix Backups
[2010/05/18 13:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\megan bydder\Desktop\SysRestorePoint_v13
[2010/05/18 13:41:12 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\megan bydder\Desktop\TFC.exe
[2010/05/18 13:40:32 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\megan bydder\Desktop\GooredFix.exe
[2010/05/18 13:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/26 16:48:14 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/26 16:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/26 16:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/16 19:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/16 19:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/16 19:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/04/16 19:25:56 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/04/16 19:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/04/16 19:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/04/16 19:00:35 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/04/15 20:31:27 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/15 20:31:04 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/15 20:31:04 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/15 20:31:04 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/15 20:31:04 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/15 20:31:04 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/15 20:31:04 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/15 20:31:04 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/15 20:31:04 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/15 20:31:04 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/02/18 22:44:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
========== Files - Modified Within 90 Days ==========
[2010/05/18 23:18:45 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\megan bydder\Desktop\OTL.exe
[2010/05/18 23:12:04 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/05/18 23:12:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 23:11:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/18 23:11:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/18 23:11:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/18 23:11:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 23:11:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 23:11:23 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/18 23:07:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/18 22:01:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\megan bydder\Desktop\gmer.exe
[2010/05/18 21:48:22 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\megan bydder\ntuser.dat
[2010/05/18 21:47:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\megan bydder\ntuser.ini
[2010/05/18 21:47:27 | 003,771,986 | -H-- | M] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\IconCache.db
[2010/05/18 13:45:46 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\megan bydder\Desktop\SysRestorePoint_v13.zip
[2010/05/18 13:41:14 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\megan bydder\Desktop\TFC.exe
[2010/05/18 13:40:55 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\megan bydder\Desktop\tdsskiller.zip
[2010/05/18 13:40:33 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\megan bydder\Desktop\GooredFix.exe
[2010/05/18 13:02:57 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/30 18:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DF14BL1J-megan bydder).job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 17:01:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/26 16:55:59 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/26 16:31:18 | 000,000,916 | -HS- | M] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\b08620CF7A25y
[2010/04/26 16:31:18 | 000,000,916 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b08620CF7A25y
[2010/04/21 17:58:00 | 000,001,184 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8Ubu0B6G7
[2010/04/21 17:57:59 | 000,001,184 | -HS- | M] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\8Ubu0B6G7
[2010/04/16 19:05:23 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\fusioncache.dat
[2010/04/15 22:22:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/28 17:38:24 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 17:38:23 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 17:38:19 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 13:05:53 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 15:08:12 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\megan bydder\My Documents\.DS_Store
[2010/03/18 10:41:45 | 000,029,128 | ---- | M] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/01 09:51:40 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/02/20 09:51:41 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/02/20 00:27:14 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 23:47:30 | 000,000,029 | ---- | M] () -- C:\WINDOWS\videoimp.ini
[2010/02/19 22:13:22 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\megan bydder\Desktop\Shortcut to External Hard Drive.lnk
========== Files Created - No Company Name ==========
[2010/05/18 19:47:12 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/18 13:45:43 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\megan bydder\Desktop\SysRestorePoint_v13.zip
[2010/05/18 13:40:48 | 000,949,152 | ---- | C] () -- C:\Documents and Settings\megan bydder\Desktop\tdsskiller.zip
[2010/05/06 08:30:00 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/04/26 16:39:33 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/26 16:38:31 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/26 16:31:17 | 000,000,916 | -HS- | C] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\b08620CF7A25y
[2010/04/26 16:31:17 | 000,000,916 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b08620CF7A25y
[2010/04/21 17:57:59 | 000,001,184 | -HS- | C] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\8Ubu0B6G7
[2010/04/21 17:57:59 | 000,001,184 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Ubu0B6G7
[2010/04/16 19:05:23 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\megan bydder\Local Settings\Application Data\fusioncache.dat
[2010/03/01 09:51:40 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/02/20 09:51:26 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/02/19 22:13:22 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\megan bydder\Desktop\Shortcut to External Hard Drive.lnk
[2009/01/13 15:24:51 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/01/13 15:24:29 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/01/13 15:24:22 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/01/06 19:24:12 | 000,265,216 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009/01/06 19:24:12 | 000,139,776 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/01/06 19:24:12 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2009/01/06 19:24:12 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/01/06 19:24:12 | 000,087,040 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/01/06 19:23:53 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssw1ml3.dll
[2008/09/09 10:12:20 | 000,000,265 | ---- | C] () -- C:\WINDOWS\xvport.ini
[2008/04/26 20:55:37 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2008/04/26 20:55:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2007/08/05 22:32:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/04 16:09:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2006/10/19 18:00:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2006/08/17 09:51:10 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\F8F6A4C789.sys
[2006/08/17 09:32:35 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/04/13 21:21:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/13 18:02:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/04/13 18:02:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/04/13 17:53:10 | 000,001,029 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/04/13 17:51:49 | 000,000,663 | ---- | C] () -- C:\WINDOWS\fe.INI
[2005/04/13 17:24:20 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2005/04/13 17:13:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/08 16:38:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/08 16:36:14 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/08 16:11:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/04/08 16:11:04 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
========== LOP Check ==========
[2006/01/13 15:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/02/22 18:42:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/26 16:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/10/19 16:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2006/01/13 15:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2005/04/13 17:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/05/02 21:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TDK
[2010/02/20 00:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tesco Photobook Creator
[2005/04/08 16:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/02/22 19:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\Canon
[2008/03/02 10:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\CD-LabelPrint
[2005/06/30 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\FileMaker
[2005/04/13 18:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\FUJIFILM
[2005/05/15 16:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\Leadertech
[2005/04/14 15:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\MSNInstaller
[2009/01/13 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\SmarThru4
[2007/06/15 17:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\megan bydder\Application Data\Viewpoint
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/04/13 15:29:30 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/08 16:13:34 | 000,003,749 | RH-- | M] () -- C:\dell.sdr
[2010/05/18 23:11:23 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2005/04/13 17:08:24 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/04/08 16:33:03 | 000,000,799 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/15 09:46:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/18 23:11:22 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/05/18 16:38:01 | 000,046,718 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_18.05.2010_16.36.01_log.txt
[2010/05/18 17:12:30 | 000,046,714 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_18.05.2010_17.10.59_log.txt
[2010/05/18 19:44:55 | 000,046,714 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_18.05.2010_19.43.40_log.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\cfwids.sys
[2010/05/18 13:02:57 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeclnk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys
[2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\system32\drivers\MOBK.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

OTL Extras logfile created on: 18/05/2010 23:19:58 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\megan bydder\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
510.00 Mb Total Physical Memory | 171.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 44.81 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 892.39 Gb Free Space | 95.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UPSTAIRS
Current User Name: megan bydder
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5942:TCP" = 5942:TCP:*:Enabled:Services
"5943:TCP" = 5943:TCP:*:Enabled:Services
"3427:TCP" = 3427:TCP:*:Enabled:Services
"5354:TCP" = 5354:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5942:TCP" = 5942:TCP:*:Enabled:Services
"5943:TCP" = 5943:TCP:*:Enabled:Services
"3427:TCP" = 3427:TCP:*:Enabled:Services
"5354:TCP" = 5354:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX4500W\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4500W\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4500W\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4500W\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"btbb.MCCInstall" = BT Broadband Help
"Canon iP4500 series User Registration" = Canon iP4500 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PB-WC100 USB Camera" = PB-WC100 USB Camera
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Samsung SCX-4500W Series" = Samsung SCX-4500W Series
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/05/2010 06:20:08 | Computer Name = UPSTAIRS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 11/05/2010 06:20:09 | Computer Name = UPSTAIRS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 11/05/2010 06:20:09 | Computer Name = UPSTAIRS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 11/05/2010 06:20:28 | Computer Name = UPSTAIRS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 11/05/2010 06:20:28 | Computer Name = UPSTAIRS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 18/05/2010 07:42:21 | Computer Name = UPSTAIRS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 18/05/2010 08:47:08 | Computer Name = UPSTAIRS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.
Error - 18/05/2010 08:47:27 | Computer Name = UPSTAIRS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.
Error - 18/05/2010 08:47:44 | Computer Name = UPSTAIRS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.
Error - 18/05/2010 17:07:34 | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.
[ System Events ]
Error - 18/05/2010 16:49:44 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
Error - 18/05/2010 18:10:02 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7034
Description = The McAfee Online Backup service terminated unexpectedly. It has
done this 1 time(s).
Error - 18/05/2010 18:10:24 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 18/05/2010 18:10:24 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 18/05/2010 18:10:24 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 18/05/2010 18:10:24 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 18/05/2010 18:10:24 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 18/05/2010 18:10:24 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 18/05/2010 18:12:04 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7000
Description = The McAfee Anti-Spam Service service failed to start due to the following
error: %%2
Error - 18/05/2010 18:12:04 | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2
< End of report >

Thanks again for your time.