Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multi-faceted XP problems: connectivity, sound, system


  • Please log in to reply

#1
JaneMarple

JaneMarple

    New Member

  • Member
  • Pip
  • 2 posts
1. Woke up one morning, booted computer - could connect to my home wireless network but couldn't get an IP address to complete the internet connection. Did all reboots of wireless and cable modem, called Comcast, etc.

2. While still doing basic potential fixes to internet connection (driver rollbacks, etc), booted computer next day and entire "skin" of system was different - desktop image, colors, etc. That seemed potentially viral, so ran full scans of system with McAfee and MBAM. Nothing.

3. Fortunately have kids' laptop to connect to internet without difficulty - so problem isolated on my machine (Dell Inspiron E1705).

4. Occasionally get blip of internet connectivity on boot.

5. Next problem to arise - sound no longer works (get warning when opening iTunes to burn a CD). During latest blip of internet connectivity, sound is working again as well. When internet fails, sound isn't there either.

6. Ran full pre-boot system diagnostics and nothing returns as suspect.

7. Am finishing OTL scan now as concluding step of malware/spyware guide - but maybe this is a hardware problem? don't know where to go from here...

thanks very much - janemarple
  • 0

Advertisements


#2
JaneMarple

JaneMarple

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Following are the four logs requested by a malware scan - I'm happy to redirect there if something looks suspicious! But I can't get clear direction about whether this is a malware/spyware or a hardware/system issue...

One thing I noticed in these scans is that there are some dlls marked as "missing": In the OTL log, HOSTS section, items 21 and 22. Those windows/system32 dlls are ones that were discovered in an old scan (not sure McAfee or MBAM) and quarantined/deleted. So maybe I need to find those and reload?



MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/18/2010 9:16:52 AM
mbam-log-2010-06-18 (09-16-52).txt

Scan type: Quick scan
Objects scanned: 148818
Time elapsed: 18 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=========================================================
=========================================================
GMER LOG:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 13:02:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CMPS\LOCALS~1\Temp\kgtcqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA17478A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA174821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA174738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA17474C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA174835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA174861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA1748CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA1748B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1747CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA1748FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA17480D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA174710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA174724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA17479E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA174937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA1748A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA17488D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA17484B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA174923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA17490F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA174776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA174762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA174877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1747F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA1748E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1747E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1747B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP AA1747B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP AA17478E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP AA1747CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP AA1747E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP AA1747A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP AA174714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP AA174728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP AA174766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AA174750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP AA17473C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP AA17477A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP AA1747FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP AA174891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP AA17487B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 7 Bytes JMP AA1748E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP AA1748A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP AA17484F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP AA174825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP AA174839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP AA174865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP AA1748D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP AA1748BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP AA174811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP AA17493B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP AA174913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP AA174927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP AA1748FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\DRIVERS\i8042prt.sys entry point in ".rsrc" section [0xF6DAF194]

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B0000A
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01BF000A
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01BF00BA
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01BF00A9
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01BF0098
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01BF0FDB
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01BF006C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01BF0F74
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01BF0F8F
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01BF0F59
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01BF00F2
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01BF010D
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01BF007D
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01BF0025
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01BF0FAA
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01BF005B
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01BF0040
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01BF00E1
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01BE0040
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01BE005B
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01BE0025
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01BE000A
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01BE0F9E
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01BE0FEF
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01BE0FB9
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 89]
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01BE0FCA
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01BD007A
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!system 77C293C7 5 Bytes JMP 01BD0055
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01BD0044
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01BD000C
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01BD0FE5
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01BD0029
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 01BC0FDE
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01BC0FEF
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01BC0014
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01BC0031
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01AB0FE5
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0080000A
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF00B3
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0098
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0087
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0076
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00F5
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF00D8
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF013C
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF012B
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0157
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0051
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF000A
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0FAD
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0036
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF001B
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF011A
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0047
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0000
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0036
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FE0F94
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 89]
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE001B
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 029E000A
.text C:\WINDOWS\System32\svchost.exe[560] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0049
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0038
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0027
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FD2
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD000C
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FC0000
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FC001B
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\System32\svchost.exe[560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01320000
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012A0000
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012A006F
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012A0F70
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012A004A
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012A0F8D
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012A0F9E
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012A0F5F
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012A009B
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012A00C2
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012A0F29
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012A0F0E
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012A0025
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012A0FDB
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012A008A
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012A0FAF
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012A0FCA
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012A0F44
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01210FB9
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01210036
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0121000A
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01210FD4
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01210025
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01210F83
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [41, 89]
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01210F9E
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01200038
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 0120001D
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0120000C
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01200FE3
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01200FAD
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01200FD2
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 011F0FEF
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 011F0000
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 011F001B
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 011F0042
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011E0FEF
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0FEF
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0F69
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B005E
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F7A
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0F97
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0025
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F42
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B008A
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B00E5
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B00CA
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010B00F6
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010B0FA8
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010B000A
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010B006F
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010B0FB9
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010B0FD4
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010B00A5
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010A0036
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010A006C
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010A0FE5
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010A001B
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010A0FAF
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010A005B
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010A0FCA
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0109003B
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 01090FB0
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01090FD2
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01090FC1
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01090FEF
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00DB0011
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00DB0038
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60087
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60076
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60F9C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D600BF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60F77
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600F5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F5C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D60106
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D6005B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D600A2
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D600D0
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50047
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50FAF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D5002C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D5001B
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D5006C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D50FCA
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F5, 88]
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D40FBE
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FD9
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D4002E
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D4000C
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40049
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D4001D
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00D30016
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0097
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0086
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0075
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0058
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FC0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB0F6C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB00A8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB00E0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB0F47
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB00FB
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0047
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0011
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0F7D
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB002C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0FDB
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB00CF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA0036
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA0FB9
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA0FCA
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FA0F79
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1A, 89]
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0F9E
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F90FC1
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F90042
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F90027
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F90FD2
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F9000C
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00F80011
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00F80FBE
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008E006C
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008E0F77
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008E0F2B
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008E0F46
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E00CE
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E00B3
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008E0F1A
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008E0040
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008E0FDE
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008E007D
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008E002F
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008E0098
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0080003D
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00800FB9
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FCA
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800F8A
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0080002C
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800011
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F005A
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0049
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F001D
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F002E
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F000C
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 007E0011
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 007E0FCA
.text C:\WINDOWS\system32\svchost.exe[1720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0080006C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800F81
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00800F9E
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800051
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FB9
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00800F3F
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800F5C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800F1A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000B3
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00800F09
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800040
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800011
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0080007D
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00800FE5
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00800098
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F57
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F0F68
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0F8D
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0FA8
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E0062
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0047
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E001B
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0036
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 001C000A
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 001C0FD2
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 001C0025
.text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001B0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029C0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 029C007F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 029C006E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 029C0F94
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 029C0051
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 029C0FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 029C0090
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 029C0F54
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029C00BC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 029C0F2D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 029C0F08
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 029C0036
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 029C0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 029C0F6F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 029C0FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 029C001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 029C00A1
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 029B0FB2
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 029B0F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 029B0FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 029B0FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 029B0F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 029B0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 029B002F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 029B001E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 029A003A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!system 77C293C7 5 Bytes JMP 029A0029
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 029A0FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_open 77C2F566 5 Bytes JMP 029A0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 029A0018
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 029A0FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 02990FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 0299000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02990FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02990FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02980000
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F55
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770F66
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770F83
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770FB9
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770082
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F3A
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007700A4
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F0B
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770EF0
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770040
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00770065
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770025
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770093
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760036
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0076006C
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0076001B
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00760FAF
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0076005B
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 001C0F90
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!system 77C293C7 5 Bytes JMP 001C0FAB
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 001C0011
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 001C0FE3
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 001C0FBC
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 001B0FCF
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0F54
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0049
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0F6F
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0F80
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB002C
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0070
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F28
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00A6
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F0D
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CB00C1
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CB0FA5
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CB0F43
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CB008B
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0080002F
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00800FC3
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00800FDE
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800076
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0080005B
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800040
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F0FA3
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0FBE
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F0027
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F0038
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 007E0FD4
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 007E0014
.text C:\WINDOWS\system32\svchost.exe[2308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00800F92
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800087
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00800076
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800065
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FCD
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00800F5F
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800F70
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800F33
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000D6
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008000E7
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800054
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800025
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00800F81
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00800FDE
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00800F4E
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0F9E
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0F79
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E004C
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0FC1
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E001D
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0FD2
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 001C002C
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 001C0FD9

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\i8042prt.sys suspicious modification

---- EOF - GMER 1.0.15 ----
================================================================================
===============
================================================================================
===============
OTL LOG:
OTL logfile created on: 6/17/2010 1:40:11 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\CMPS\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.60 Gb Total Space | 12.84 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTINA
Current User Name: CMPS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/17 11:18:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/11 20:34:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 20:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/11/16 19:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/19 01:29:54 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/09/19 01:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/09/19 01:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/09/19 01:09:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/06/10 08:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/03 22:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2003/10/29 00:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 00:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (SafeList) ==========

MOD - [2010/06/17 11:18:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/10/04 22:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
MOD - [2005/11/19 01:37:16 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/02/11 20:34:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/09/19 01:25:20 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/09/19 01:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/09/19 01:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/09/19 00:57:14 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/09/19 00:56:32 | 000,401,408 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005/05/03 22:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 19:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/20 19:10:24 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 05:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 05:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 02:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/19 08:05:00 | 000,309,632 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/09/19 08:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/09/19 08:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/19 08:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/19 03:08:50 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/08/26 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/08/26 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/08/26 05:33:00 | 000,086,812 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/08/26 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/08/26 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/08/26 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/08/26 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/08/26 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/08/26 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 14:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 21:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 20:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 22:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/02/02 03:22:00 | 000,088,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/12/23 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/11 10:07:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 10:07:53 | 000,000,000 | ---D | M]

[2009/01/16 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Mozilla\Extensions
[2010/06/04 06:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Mozilla\Firefox\Profiles\j8ritu3z.default\extensions
[2009/09/02 11:09:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CMPS\Application Data\Mozilla\Firefox\Profiles\j8ritu3z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/16 16:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2003/11/18 14:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/04/29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2004/08/10 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: dureyagoz - {8c5dcabf-a422-4e4c-8c92-34f536597bf8} - C:\WINDOWS\System32\tevuyupu.dll File not found
O21 - SSODL: juwibezof - {5d7deb18-aa63-45a3-9e26-60b7cab97036} - C:\WINDOWS\System32\tazetayi.dll File not found
O21 - SSODL: kamovoteg - {4e9d3830-f984-417e-a4c8-49c7ad5fcbcd} - C:\WINDOWS\System32\hezubuti.dll File not found
O21 - SSODL: lagozivuw - {a0b3e927-b548-4756-a3ff-f85a4ed2a4f8} - C:\WINDOWS\System32\tonasuta.dll File not found
O21 - SSODL: liyefidog - {09f5470d-ea3d-4908-9854-a390277caf85} - C:\WINDOWS\System32\yaveyayu.dll File not found
O22 - SharedTaskScheduler: {09f5470d-ea3d-4908-9854-a390277caf85} - gahurihor - C:\WINDOWS\System32\yaveyayu.dll File not found
O22 - SharedTaskScheduler: {4e9d3830-f984-417e-a4c8-49c7ad5fcbcd} - tokatiluy - C:\WINDOWS\System32\hezubuti.dll File not found
O22 - SharedTaskScheduler: {5d7deb18-aa63-45a3-9e26-60b7cab97036} - kupuhivus - C:\WINDOWS\System32\tazetayi.dll File not found
O22 - SharedTaskScheduler: {8c5dcabf-a422-4e4c-8c92-34f536597bf8} - kupuhivus - C:\WINDOWS\System32\tevuyupu.dll File not found
O22 - SharedTaskScheduler: {a0b3e927-b548-4756-a3ff-f85a4ed2a4f8} - tokatiluy - C:\WINDOWS\System32\tonasuta.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\CMPS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CMPS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{7b22ed28-b350-11dd-ad8e-00038a000015}\Shell\AutoRun\command - "" = E:\r1y1.bat -- File not found
O33 - MountPoints2\{7b22ed28-b350-11dd-ad8e-00038a000015}\Shell\explore\Command - "" = E:\r1y1.bat -- File not found
O33 - MountPoints2\{7b22ed28-b350-11dd-ad8e-00038a000015}\Shell\open\Command - "" = E:\r1y1.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/17 11:37:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/17 11:37:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/17 11:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/17 11:19:12 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
[2010/06/11 10:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/11 10:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/01 09:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/05/27 14:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/27 14:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CMPS\Local Settings\Application Data\pensynaog
[2010/05/12 16:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/05/11 10:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/11 10:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/11 10:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/11 09:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/23 15:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2010/04/12 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Noteworthy Software

========== Files - Modified Within 90 Days ==========

[2010/06/17 13:37:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/17 13:34:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/17 13:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/17 13:34:25 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/17 12:20:30 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\CMPS\NTUSER.DAT
[2010/06/17 11:22:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/17 11:22:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\CMPS\ntuser.ini
[2010/06/17 11:18:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
[2010/06/17 11:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tuprfefa.job
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\izxmxdzg.job
[2010/06/17 09:31:56 | 000,024,055 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/17 09:29:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 10:47:19 | 000,554,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 10:47:19 | 000,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 10:47:19 | 000,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 10:25:40 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 23:27:16 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010/06/06 23:23:40 | 000,000,805 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/03 18:27:57 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\NOTES.xls
[2010/06/01 09:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/31 01:48:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
[2010/05/30 14:58:32 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/30 14:58:32 | 000,000,250 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/28 17:57:01 | 000,559,051 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\bookmarks-2010-05-28.json
[2010/05/26 17:57:30 | 002,003,882 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/05/20 18:45:06 | 000,082,832 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/19 16:23:40 | 000,000,000 | ---- | M] () -- C:\Program Files\abc.html
[2010/05/15 04:43:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/05/14 18:51:46 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/11 10:14:20 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/04 13:36:13 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Final Draft Batting Cage Policy.doc
[2010/05/02 14:38:02 | 004,403,776 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\CAP_PUBLIC_REVIEW_3-17-2010.pdf
[2010/05/01 01:00:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 20:38:01 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\comment.doc
[2010/04/23 15:47:22 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/23 15:46:11 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/19 23:16:51 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pub
[2010/04/19 23:15:24 | 000,111,416 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search 2.pdf
[2010/04/19 23:12:14 | 000,111,436 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pdf
[2010/04/19 23:10:20 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.doc
[2010/04/17 19:25:28 | 000,029,547 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\cup-DRAFT POLICY.pdf
[2010/04/13 08:34:23 | 000,392,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 00:40:22 | 000,118,032 | ---- | M] () -- C:\Documents and Settings\CMPS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/09 16:04:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Nkosi Label 4-9-10.doc
[2010/04/02 07:49:37 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\nujepidu

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\nujepidu
[2010/05/28 18:31:18 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 17:57:00 | 000,559,051 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\bookmarks-2010-05-28.json
[2010/05/20 18:45:06 | 000,082,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/19 16:23:40 | 000,000,000 | ---- | C] () -- C:\Program Files\abc.html
[2010/05/14 18:51:46 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/11 10:14:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/04 13:36:13 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Final Draft Batting Cage Policy.doc
[2010/05/02 14:38:02 | 004,403,776 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\CAP_PUBLIC_REVIEW_3-17-2010.pdf
[2010/04/26 11:16:12 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\comment.doc
[2010/04/23 15:47:22 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/23 15:46:11 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/19 23:15:24 | 000,111,416 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search 2.pdf
[2010/04/19 23:12:14 | 000,111,436 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pdf
[2010/04/19 23:11:20 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pub
[2010/04/19 22:39:09 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.doc
[2010/04/17 19:25:28 | 000,029,547 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\cup-DRAFT POLICY.pdf
[2010/04/13 02:01:13 | 001,501,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/09 16:04:16 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Nkosi Label 4-9-10.doc
[2010/02/24 12:45:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Edmark.ini
[2009/02/17 15:47:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/06 13:27:20 | 000,000,037 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/11/09 20:23:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/21 19:07:08 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/04/19 14:38:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/19 14:36:22 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/19 14:32:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/04/06 16:41:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/24 15:23:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6j.DLL
[2006/05/20 14:05:37 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/20 14:05:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A7D90C2E27.sys
[2006/05/11 00:55:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 00:40:20 | 000,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/11 00:35:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 00:05:04 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/11 00:04:26 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/19 01:15:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/14 18:05:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/14 18:05:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/08/29 15:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/06/24 02:20:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/17 11:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/02/10 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/01/23 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/07/28 12:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010/05/12 17:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/12 16:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2007/04/19 14:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/02 06:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/05/11 00:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/11 10:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/04/21 18:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Canon
[2009/01/23 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\HotSync
[2006/12/21 00:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\ICAClient
[2006/09/07 15:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Intermedia.NET
[2007/03/15 14:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Leadertech
[2010/05/31 01:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\NewSoft
[2007/01/30 16:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Opera
[2008/04/11 14:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\PlayFirst
[2007/04/19 14:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\ScanSoft
[2008/04/22 21:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Webshots
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\izxmxdzg.job
[2010/05/15 04:43:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/05/01 01:00:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\tuprfefa.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/14 18:25:01 | 000,000,632 | ---- | M] () -- C:\additdiag.txt
[2007/02/10 19:26:15 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/10/08 09:16:54 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/10/08 09:16:54 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/16 14:44:00 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/11 00:12:12 | 000,006,756 | RH-- | M] () -- C:\dell.sdr
[2008/01/04 20:58:41 | 000,002,633 | ---- | M] () -- C:\Dublin.p10
[2008/01/04 20:58:41 | 000,002,603 | ---- | M] () -- C:\flyfish.p10
[2010/06/17 13:34:25 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/16 21:30:38 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/09/12 21:47:41 | 000,014,884 | ---- | M] () -- C:\KMOON
[2008/09/11 21:40:15 | 000,014,884 | ---- | M] () -- C:\MOONMIST
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/11/04 18:34:05 | 000,001,144 | ---- | M] () -- C:\net_save.dna
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/14 20:36:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/01/04 20:58:41 | 000,002,620 | ---- | M] () -- C:\Nugent Wireless.p10
[2010/06/17 13:34:23 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/30 15:15:44 | 000,005,585 | ---- | M] () -- C:\resetlog.txt
[2008/01/04 20:58:41 | 000,002,667 | ---- | M] () -- C:\Spokane.p10
[2006/05/11 00:40:17 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2006/12/25 00:20:54 | 000,000,231 | ---- | M] () -- C:\Test.txt
[2008/01/04 20:58:41 | 000,002,638 | ---- | M] () -- C:\Th'Oaks.p10
[2007/05/29 09:32:31 | 000,976,527 | ---- | M] () -- C:\wordpress-2.2.zip

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/06/14 22:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6j.DLL
[2004/06/14 22:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6j.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 13:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 02:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 02:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 02:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\wordpress:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Webshots Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Tapestry Flier 4 May 2009 H2O jpg.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Sonas Consulting:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\seed2seed_challenge_150x.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Project Lists:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Palm OS Desktop:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\my videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\JAMIE'S STUFF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\IrisCandle.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Cyberlink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Animal Report:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\08 Freeway Of Love.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\01 Dancing Queen 1.mp3:Roxio EMC Stream
< End of report >
==================================================================
==================================================================
OTL EXTRAS LOG:
OTL Extras logfile created on: 6/17/2010 1:40:11 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\CMPS\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.60 Gb Total Space | 12.84 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTINA
Current User Name: CMPS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw -- ()
"D:\bin\IA\Core\MDM_Util.exe" = D:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio UDF Reader
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A2D6D0E-34BB-489C-8571-590E67104BB4}" = Filfre
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0.2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0.2 Templates
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AudibleDownloadManager" = Audible Download Manager
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Bailey's Book House" = Bailey's Book House (Remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon CanoScan LiDE 600F User Registration" = Canon CanoScan LiDE 600F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP6j.DLL" = Canon PIXMA iP4000R
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Celestia_is1" = Celestia 1.4.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"FaxSend_is1" = InterMedia.NET FaxSend
"Finale PrintMusic 2008" = Finale PrintMusic 2008
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"Google Updater" = Google Updater
"Handmark® Scrabble® for Palm OS" = Handmark® Scrabble® for Palm OS
"htmltads.exe" = HTML TADS Player Kit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Millie's Math House" = Millie's Math House (Remove only)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NoteWorthy Composer 2 Viewer" = NoteWorthy Composer 2 Viewer
"PremElem30" = Adobe Premiere Elements 3.0.2
"ProInst" = Intel® PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Webshots Desktop_is1" = Webshots Desktop
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WindowsFrotz" = Windows Frotz
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2010 2:40:38 PM | Computer Name = CHRISTINA | Source = Google Update | ID = 20
Description =

Error - 6/15/2010 11:49:05 AM | Computer Name = CHRISTINA | Source = Google Update | ID = 20
Description =

Error - 6/15/2010 5:08:58 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1968

Error - 6/16/2010 11:59:19 AM | Computer Name = CHRISTINA | Source = Google Update | ID = 20
Description =

Error - 6/16/2010 3:41:19 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/16/2010 3:41:19 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3617547

Error - 6/16/2010 3:41:19 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3617547

Error - 6/17/2010 12:47:04 AM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/17/2010 12:47:04 AM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16031

Error - 6/17/2010 12:47:04 AM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16031

[ System Events ]
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Audio service
to connect.

Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7000
Description = The Windows Audio service failed to start due to the following error:
%%1053

Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Workstation service to
connect.

Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1053

Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Background Intelligent
Transfer Service service to connect.

Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%1053

Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1053

Error - 6/17/2010 4:36:23 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 6/17/2010 4:36:23 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1070

Error - 6/17/2010 4:36:23 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp


< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP