Following are the four logs requested by a malware scan - I'm happy to redirect there if something looks suspicious! But I can't get clear direction about whether this is a malware/spyware or a hardware/system issue...
One thing I noticed in these scans is that there are some dlls marked as "missing": In the OTL log, HOSTS section, items 21 and 22. Those windows/system32 dlls are ones that were discovered in an old scan (not sure McAfee or MBAM) and quarantined/deleted. So maybe I need to find those and reload?
MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
6/18/2010 9:16:52 AM
mbam-log-2010-06-18 (09-16-52).txt
Scan type: Quick scan
Objects scanned: 148818
Time elapsed: 18 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
=========================================================
GMER LOG:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 13:02:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CMPS\LOCALS~1\Temp\kgtcqpod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA17478A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA174821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA174738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA17474C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA174835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA174861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA1748CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA1748B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1747CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA1748FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA17480D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA174710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA174724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA17479E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA174937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA1748A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA17488D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA17484B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA174923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA17490F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA174776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA174762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA174877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1747F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA1748E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1747E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1747B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP AA1747B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP AA17478E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP AA1747CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP AA1747E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP AA1747A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP AA174714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP AA174728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP AA174766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AA174750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP AA17473C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP AA17477A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP AA1747FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP AA174891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP AA17487B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 7 Bytes JMP AA1748E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP AA1748A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP AA17484F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP AA174825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP AA174839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP AA174865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP AA1748D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP AA1748BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP AA174811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP AA17493B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP AA174913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP AA174927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP AA1748FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\DRIVERS\i8042prt.sys entry point in ".rsrc" section [0xF6DAF194]
---- User code sections - GMER 1.0.15 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B0000A
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01BF000A
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01BF00BA
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01BF00A9
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01BF0098
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01BF0FDB
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01BF006C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01BF0F74
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01BF0F8F
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01BF0F59
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01BF00F2
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01BF010D
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01BF007D
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01BF0025
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01BF0FAA
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01BF005B
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01BF0040
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01BF00E1
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01BE0040
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01BE005B
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01BE0025
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01BE000A
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01BE0F9E
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01BE0FEF
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01BE0FB9
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 89]
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01BE0FCA
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01BD007A
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!system 77C293C7 5 Bytes JMP 01BD0055
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01BD0044
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01BD000C
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01BD0FE5
.text C:\WINDOWS\Explorer.EXE[204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01BD0029
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 01BC0FDE
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01BC0FEF
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01BC0014
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01BC0031
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01AB0FE5
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0080000A
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF00B3
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0098
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0087
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0076
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00F5
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF00D8
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF013C
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF012B
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0157
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0051
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF000A
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0FAD
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0036
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF001B
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF011A
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0047
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0000
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0036
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FE0F94
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 89]
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE001B
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 029E000A
.text C:\WINDOWS\System32\svchost.exe[560] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0049
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0038
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0027
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FD2
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD000C
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FC0000
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FC001B
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\System32\svchost.exe[560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01320000
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012A0000
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012A006F
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012A0F70
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012A004A
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012A0F8D
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012A0F9E
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012A0F5F
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012A009B
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012A00C2
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012A0F29
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012A0F0E
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012A0025
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012A0FDB
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012A008A
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012A0FAF
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012A0FCA
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012A0F44
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01210FB9
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01210036
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0121000A
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01210FD4
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01210025
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01210F83
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [41, 89]
.text C:\WINDOWS\system32\services.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01210F9E
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01200038
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 0120001D
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0120000C
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01200FE3
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01200FAD
.text C:\WINDOWS\system32\services.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01200FD2
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 011F0FEF
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 011F0000
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 011F001B
.text C:\WINDOWS\system32\services.exe[1112] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 011F0042
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011E0FEF
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0FEF
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0F69
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B005E
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F7A
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0F97
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0025
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F42
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B008A
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B00E5
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B00CA
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010B00F6
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010B0FA8
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010B000A
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010B006F
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010B0FB9
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010B0FD4
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010B00A5
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010A0036
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010A006C
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010A0FE5
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010A001B
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010A0FAF
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010A005B
.text C:\WINDOWS\system32\lsass.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010A0FCA
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0109003B
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 01090FB0
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01090FD2
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01090FC1
.text C:\WINDOWS\system32\lsass.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01090FEF
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00DB0011
.text C:\WINDOWS\system32\lsass.exe[1124] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00DB0038
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60087
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60076
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60F9C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D600BF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60F77
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600F5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F5C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D60106
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D6005B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D600A2
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D600D0
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50047
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50FAF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D5002C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D5001B
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D5006C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D50FCA
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F5, 88]
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D40FBE
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FD9
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D4002E
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D4000C
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40049
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D4001D
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00D30016
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0097
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0086
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0075
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0058
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FC0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB0F6C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB00A8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB00E0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB0F47
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB00FB
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0047
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0011
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0F7D
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB002C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0FDB
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB00CF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA0036
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA0FB9
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA0FCA
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FA0F79
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1A, 89]
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0F9E
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F90FC1
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F90042
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F90027
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F90FD2
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F9000C
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00F80011
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00F80FBE
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008E006C
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008E0F77
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008E0F2B
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008E0F46
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E00CE
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E00B3
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008E0F1A
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008E0040
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008E0FDE
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008E007D
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008E002F
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008E0098
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0080003D
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00800FB9
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FCA
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800F8A
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0080002C
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800011
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F005A
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0049
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F001D
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F002E
.text C:\WINDOWS\system32\svchost.exe[1720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F000C
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 007E0011
.text C:\WINDOWS\system32\svchost.exe[1720] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 007E0FCA
.text C:\WINDOWS\system32\svchost.exe[1720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0080006C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800F81
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00800F9E
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800051
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FB9
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00800F3F
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800F5C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800F1A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000B3
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00800F09
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800040
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800011
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0080007D
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00800FE5
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00800098
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F57
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F0F68
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0F8D
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0FA8
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E0062
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0047
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E001B
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0036
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 001C000A
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 001C0FD2
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 001C0025
.text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001B0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029C0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 029C007F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 029C006E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 029C0F94
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 029C0051
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 029C0FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 029C0090
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 029C0F54
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029C00BC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 029C0F2D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 029C0F08
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 029C0036
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 029C0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 029C0F6F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 029C0FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 029C001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 029C00A1
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 029B0FB2
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 029B0F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 029B0FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 029B0FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 029B0F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 029B0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 029B002F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 029B001E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 029A003A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!system 77C293C7 5 Bytes JMP 029A0029
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 029A0FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_open 77C2F566 5 Bytes JMP 029A0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 029A0018
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 029A0FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 02990FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 0299000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02990FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02990FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1808] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02980000
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F55
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770F66
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770F83
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770FB9
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770082
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F3A
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007700A4
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F0B
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770EF0
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770040
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00770065
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770025
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770093
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760036
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0076006C
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0076001B
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00760FAF
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0076005B
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 001C0F90
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!system 77C293C7 5 Bytes JMP 001C0FAB
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 001C0011
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 001C0FE3
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 001C0FBC
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 001B0FCF
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0F54
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0049
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0F6F
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0F80
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB002C
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0070
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F28
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00A6
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F0D
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CB00C1
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CB0FA5
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CB0F43
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[2308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CB008B
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0080002F
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00800FC3
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00800FDE
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800076
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0080005B
.text C:\WINDOWS\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800040
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F0FA3
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0FBE
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F0027
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F0038
.text C:\WINDOWS\system32\svchost.exe[2308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 007E0FD4
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\system32\svchost.exe[2308] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 007E0014
.text C:\WINDOWS\system32\svchost.exe[2308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00800F92
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800087
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00800076
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800065
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FCD
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00800F5F
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800F70
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800F33
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000D6
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008000E7
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800054
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800025
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00800F81
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00800FDE
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00800F4E
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0F9E
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0F79
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E004C
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0FC1
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E001D
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0FD2
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 001C002C
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 001C0FD9
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys suspicious modification
---- EOF - GMER 1.0.15 ----
===============================================================================================
===============================================================================================
OTL LOG:
OTL logfile created on: 6/17/2010 1:40:11 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\CMPS\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.60 Gb Total Space | 12.84 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHRISTINA
Current User Name: CMPS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/17 11:18:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/11 20:34:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 20:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/11/16 19:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/19 01:29:54 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/09/19 01:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/09/19 01:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/09/19 01:09:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/06/10 08:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/03 22:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2003/10/29 00:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 00:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
========== Modules (SafeList) ==========
MOD - [2010/06/17 11:18:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/10/04 22:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
MOD - [2005/11/19 01:37:16 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/02/11 20:34:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/09/19 01:25:20 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/09/19 01:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/09/19 01:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/09/19 00:57:14 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/09/19 00:56:32 | 000,401,408 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005/05/03 22:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 19:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
========== Driver Services (SafeList) ==========
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/20 19:10:24 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 05:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 05:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 02:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/19 08:05:00 | 000,309,632 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/09/19 08:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/09/19 08:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/19 08:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/19 03:08:50 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/08/26 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/08/26 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/08/26 05:33:00 | 000,086,812 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/08/26 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/08/26 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/08/26 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/08/26 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/08/26 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/08/26 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 14:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 21:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 20:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 22:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/02/02 03:22:00 | 000,088,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/12/23 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/11 10:07:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 10:07:53 | 000,000,000 | ---D | M]
[2009/01/16 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Mozilla\Extensions
[2010/06/04 06:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Mozilla\Firefox\Profiles\j8ritu3z.default\extensions
[2009/09/02 11:09:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CMPS\Application Data\Mozilla\Firefox\Profiles\j8ritu3z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/16 16:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2003/11/18 14:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/04/29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
O1 HOSTS File: ([2004/08/10 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: dureyagoz - {8c5dcabf-a422-4e4c-8c92-34f536597bf8} - C:\WINDOWS\System32\tevuyupu.dll File not found
O21 - SSODL: juwibezof - {5d7deb18-aa63-45a3-9e26-60b7cab97036} - C:\WINDOWS\System32\tazetayi.dll File not found
O21 - SSODL: kamovoteg - {4e9d3830-f984-417e-a4c8-49c7ad5fcbcd} - C:\WINDOWS\System32\hezubuti.dll File not found
O21 - SSODL: lagozivuw - {a0b3e927-b548-4756-a3ff-f85a4ed2a4f8} - C:\WINDOWS\System32\tonasuta.dll File not found
O21 - SSODL: liyefidog - {09f5470d-ea3d-4908-9854-a390277caf85} - C:\WINDOWS\System32\yaveyayu.dll File not found
O22 - SharedTaskScheduler: {09f5470d-ea3d-4908-9854-a390277caf85} - gahurihor - C:\WINDOWS\System32\yaveyayu.dll File not found
O22 - SharedTaskScheduler: {4e9d3830-f984-417e-a4c8-49c7ad5fcbcd} - tokatiluy - C:\WINDOWS\System32\hezubuti.dll File not found
O22 - SharedTaskScheduler: {5d7deb18-aa63-45a3-9e26-60b7cab97036} - kupuhivus - C:\WINDOWS\System32\tazetayi.dll File not found
O22 - SharedTaskScheduler: {8c5dcabf-a422-4e4c-8c92-34f536597bf8} - kupuhivus - C:\WINDOWS\System32\tevuyupu.dll File not found
O22 - SharedTaskScheduler: {a0b3e927-b548-4756-a3ff-f85a4ed2a4f8} - tokatiluy - C:\WINDOWS\System32\tonasuta.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\CMPS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CMPS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{7b22ed28-b350-11dd-ad8e-00038a000015}\Shell\AutoRun\command - "" = E:\r1y1.bat -- File not found
O33 - MountPoints2\{7b22ed28-b350-11dd-ad8e-00038a000015}\Shell\explore\Command - "" = E:\r1y1.bat -- File not found
O33 - MountPoints2\{7b22ed28-b350-11dd-ad8e-00038a000015}\Shell\open\Command - "" = E:\r1y1.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/17 11:37:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/17 11:37:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/17 11:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/17 11:19:12 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
[2010/06/11 10:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/11 10:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/01 09:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/05/27 14:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/27 14:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CMPS\Local Settings\Application Data\pensynaog
[2010/05/12 16:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/05/11 10:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/11 10:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/11 10:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/11 09:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/23 15:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2010/04/12 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Noteworthy Software
========== Files - Modified Within 90 Days ==========
[2010/06/17 13:37:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/17 13:34:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/17 13:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/17 13:34:25 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/17 12:20:30 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\CMPS\NTUSER.DAT
[2010/06/17 11:22:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/17 11:22:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\CMPS\ntuser.ini
[2010/06/17 11:18:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMPS\Desktop\OTL.exe
[2010/06/17 11:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tuprfefa.job
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\izxmxdzg.job
[2010/06/17 09:31:56 | 000,024,055 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/17 09:29:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 10:47:19 | 000,554,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 10:47:19 | 000,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 10:47:19 | 000,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 10:25:40 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 23:27:16 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010/06/06 23:23:40 | 000,000,805 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/03 18:27:57 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\NOTES.xls
[2010/06/01 09:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/31 01:48:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
[2010/05/30 14:58:32 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/30 14:58:32 | 000,000,250 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/28 17:57:01 | 000,559,051 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\bookmarks-2010-05-28.json
[2010/05/26 17:57:30 | 002,003,882 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/05/20 18:45:06 | 000,082,832 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/19 16:23:40 | 000,000,000 | ---- | M] () -- C:\Program Files\abc.html
[2010/05/15 04:43:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/05/14 18:51:46 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/11 10:14:20 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/04 13:36:13 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Final Draft Batting Cage Policy.doc
[2010/05/02 14:38:02 | 004,403,776 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\CAP_PUBLIC_REVIEW_3-17-2010.pdf
[2010/05/01 01:00:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 20:38:01 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\comment.doc
[2010/04/23 15:47:22 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/23 15:46:11 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/19 23:16:51 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pub
[2010/04/19 23:15:24 | 000,111,416 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search 2.pdf
[2010/04/19 23:12:14 | 000,111,436 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pdf
[2010/04/19 23:10:20 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.doc
[2010/04/17 19:25:28 | 000,029,547 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\cup-DRAFT POLICY.pdf
[2010/04/13 08:34:23 | 000,392,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 00:40:22 | 000,118,032 | ---- | M] () -- C:\Documents and Settings\CMPS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/09 16:04:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\CMPS\My Documents\Nkosi Label 4-9-10.doc
[2010/04/02 07:49:37 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\nujepidu
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\nujepidu
[2010/05/28 18:31:18 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 17:57:00 | 000,559,051 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\bookmarks-2010-05-28.json
[2010/05/20 18:45:06 | 000,082,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/19 16:23:40 | 000,000,000 | ---- | C] () -- C:\Program Files\abc.html
[2010/05/14 18:51:46 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/11 10:14:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/04 13:36:13 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Final Draft Batting Cage Policy.doc
[2010/05/02 14:38:02 | 004,403,776 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\CAP_PUBLIC_REVIEW_3-17-2010.pdf
[2010/04/26 11:16:12 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\comment.doc
[2010/04/23 15:47:22 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/23 15:46:11 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/19 23:15:24 | 000,111,416 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search 2.pdf
[2010/04/19 23:12:14 | 000,111,436 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pdf
[2010/04/19 23:11:20 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.pub
[2010/04/19 22:39:09 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Chris search.doc
[2010/04/17 19:25:28 | 000,029,547 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\cup-DRAFT POLICY.pdf
[2010/04/13 02:01:13 | 001,501,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/09 16:04:16 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\CMPS\My Documents\Nkosi Label 4-9-10.doc
[2010/02/24 12:45:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Edmark.ini
[2009/02/17 15:47:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/06 13:27:20 | 000,000,037 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/11/09 20:23:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/21 19:07:08 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/04/19 14:38:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/19 14:36:22 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/19 14:32:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/04/06 16:41:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/24 15:23:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6j.DLL
[2006/05/20 14:05:37 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/20 14:05:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A7D90C2E27.sys
[2006/05/11 00:55:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 00:40:20 | 000,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/11 00:35:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 00:05:04 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/11 00:04:26 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/19 01:15:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/14 18:05:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/14 18:05:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/08/29 15:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/06/24 02:20:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/03/17 11:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/02/10 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/01/23 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/07/28 12:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010/05/12 17:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/12 16:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2007/04/19 14:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/02 06:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/05/11 00:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/11 10:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/04/21 18:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Canon
[2009/01/23 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\HotSync
[2006/12/21 00:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\ICAClient
[2006/09/07 15:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Intermedia.NET
[2007/03/15 14:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Leadertech
[2010/05/31 01:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\NewSoft
[2007/01/30 16:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Opera
[2008/04/11 14:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\PlayFirst
[2007/04/19 14:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\ScanSoft
[2008/04/22 21:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CMPS\Application Data\Webshots
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\izxmxdzg.job
[2010/05/15 04:43:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/05/01 01:00:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/06/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\tuprfefa.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/14 18:25:01 | 000,000,632 | ---- | M] () -- C:\additdiag.txt
[2007/02/10 19:26:15 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/10/08 09:16:54 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/10/08 09:16:54 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/16 14:44:00 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/11 00:12:12 | 000,006,756 | RH-- | M] () -- C:\dell.sdr
[2008/01/04 20:58:41 | 000,002,633 | ---- | M] () -- C:\Dublin.p10
[2008/01/04 20:58:41 | 000,002,603 | ---- | M] () -- C:\flyfish.p10
[2010/06/17 13:34:25 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/16 21:30:38 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/09/12 21:47:41 | 000,014,884 | ---- | M] () -- C:\KMOON
[2008/09/11 21:40:15 | 000,014,884 | ---- | M] () -- C:\MOONMIST
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/11/04 18:34:05 | 000,001,144 | ---- | M] () -- C:\net_save.dna
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/14 20:36:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/01/04 20:58:41 | 000,002,620 | ---- | M] () -- C:\Nugent Wireless.p10
[2010/06/17 13:34:23 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/30 15:15:44 | 000,005,585 | ---- | M] () -- C:\resetlog.txt
[2008/01/04 20:58:41 | 000,002,667 | ---- | M] () -- C:\Spokane.p10
[2006/05/11 00:40:17 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2006/12/25 00:20:54 | 000,000,231 | ---- | M] () -- C:\Test.txt
[2008/01/04 20:58:41 | 000,002,638 | ---- | M] () -- C:\Th'Oaks.p10
[2007/05/29 09:32:31 | 000,976,527 | ---- | M] () -- C:\wordpress-2.2.zip
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/06/14 22:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6j.DLL
[2004/06/14 22:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6j.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 13:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2005/08/16 02:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 02:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 02:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\wordpress:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Webshots Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Tapestry Flier 4 May 2009 H2O jpg.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Sonas Consulting:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\seed2seed_challenge_150x.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Project Lists:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Palm OS Desktop:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\my videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\JAMIE'S STUFF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\IrisCandle.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Cyberlink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Animal Report:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\08 Freeway Of Love.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\CMPS\My Documents\01 Dancing Queen 1.mp3:Roxio EMC Stream
< End of report >
==================================================================
==================================================================
OTL EXTRAS LOG:
OTL Extras logfile created on: 6/17/2010 1:40:11 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\CMPS\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.60 Gb Total Space | 12.84 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHRISTINA
Current User Name: CMPS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw -- ()
"D:\bin\IA\Core\MDM_Util.exe" = D:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio UDF Reader
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A2D6D0E-34BB-489C-8571-590E67104BB4}" = Filfre
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0.2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0.2 Templates
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AudibleDownloadManager" = Audible Download Manager
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Bailey's Book House" = Bailey's Book House (Remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon CanoScan LiDE 600F User Registration" = Canon CanoScan LiDE 600F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP6j.DLL" = Canon PIXMA iP4000R
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Celestia_is1" = Celestia 1.4.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"FaxSend_is1" = InterMedia.NET FaxSend
"Finale PrintMusic 2008" = Finale PrintMusic 2008
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"Google Updater" = Google Updater
"Handmark® Scrabble® for Palm OS" = Handmark® Scrabble® for Palm OS
"htmltads.exe" = HTML TADS Player Kit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Millie's Math House" = Millie's Math House (Remove only)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NoteWorthy Composer 2 Viewer" = NoteWorthy Composer 2 Viewer
"PremElem30" = Adobe Premiere Elements 3.0.2
"ProInst" = Intel® PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Webshots Desktop_is1" = Webshots Desktop
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WindowsFrotz" = Windows Frotz
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/14/2010 2:40:38 PM | Computer Name = CHRISTINA | Source = Google Update | ID = 20
Description =
Error - 6/15/2010 11:49:05 AM | Computer Name = CHRISTINA | Source = Google Update | ID = 20
Description =
Error - 6/15/2010 5:08:58 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1968
Error - 6/16/2010 11:59:19 AM | Computer Name = CHRISTINA | Source = Google Update | ID = 20
Description =
Error - 6/16/2010 3:41:19 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/16/2010 3:41:19 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3617547
Error - 6/16/2010 3:41:19 PM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3617547
Error - 6/17/2010 12:47:04 AM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/17/2010 12:47:04 AM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16031
Error - 6/17/2010 12:47:04 AM | Computer Name = CHRISTINA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16031
[ System Events ]
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Audio service
to connect.
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7000
Description = The Windows Audio service failed to start due to the following error:
%%1053
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Workstation service to
connect.
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1053
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Background Intelligent
Transfer Service service to connect.
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%1053
Error - 6/17/2010 4:34:57 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1053
Error - 6/17/2010 4:36:23 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.
Error - 6/17/2010 4:36:23 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1070
Error - 6/17/2010 4:36:23 PM | Computer Name = CHRISTINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp
< End of report >