My PC is really struggling, I need help!
My PC has been getting progressively slower recently. I have been trying to sort it out myself, so have gone through the malware removal process and that found and removed a few things (including trojan.agent/gen backdoor.bot[zbot] and malware.trace), I also had a stage a couple of weeks ago where loads of programs would be shown in the task manager 00001 00002 00003 etc (and other names) but I could manually stop those. I tried the redirect removal, but OTM was just crashing the PC, then did some of the prevention measures, but the problems are still not solved. I have run numerous scans etc over the last few days but it's just getting worse, now it is unbearably slow in Safe Mode and crashes and has errors on normal startup. I have run the following, some I already had, others were found through this forum, but it's got to the point where I need help.
McAfee scans
Avast Scans (now removed from PC)
Adaware Scans
Malwarebytes Scans
Superantispyware Scans
Win ASO Registry Optimiser
I also have the following on my desktop now, some ran some didn't:
ERUNT
NTREGOPT
TFC
OTM
GooredFix
TDSSKiller
OTL
GMER
I have attached below the OTL reports, after many attempts I have now managed to get one from GMER and added it to the bottom of this post.
Today I am also getting a message on startup sometimes saying "windows has experienced a serious error" then it sends a report to MS. In safe mode I am also having a problem where McAfee is using all the CPU, so anything else takes an age to run.
OTL logfile created on: 28/07/2010 09:06:41 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,022.00 Mb Total Physical Memory | 306.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 116.30 Gb Free Space | 78.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVEHP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe (Zetera Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (ACT! Scheduler) -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
SRV - (MSSQL$ACT7) SQL Server (ACT7) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QSCopyEngine) -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Z-SANService) -- C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe (Zetera Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (QsFsFltr) -- C:\WINDOWS\system32\drivers\QsFsFltr.sys (Windows ® Codename Longhorn DDK provider)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows ® 2000/XP)
DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows ® 2000 DDK provider)
DRV - (SFSZ) -- C:\WINDOWS\system32\drivers\sfsz.sys (DataPlow, Incorporated)
DRV - (ZetBus) -- C:\WINDOWS\system32\drivers\ZetBus.sys (Zetera Corporation)
DRV - (ZetSFD) -- C:\WINDOWS\system32\DRIVERS\ZetSFD.sys (Zetera Corporation)
DRV - (ZetMPD) -- C:\WINDOWS\system32\drivers\ZetMPD.sys (Zetera Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ig?hl=en [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...r=ytff-sunm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.51
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.http_por: ""
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 10:16:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/30 09:04:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 10:54:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 15:25:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/22 16:12:05 | 000,000,000 | ---D | M]
[2010/01/20 15:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/20 15:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/09 12:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2009/03/27 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/07/27 16:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions
[2010/04/27 19:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/05 08:22:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/15 19:42:59 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(2)
[2010/07/27 15:26:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/22 15:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/06/15 14:13:13 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2008/07/15 19:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\amin.eft_PhProxy@gmail(2).com
[2008/07/15 19:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected](2).org
[2008/10/08 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2010/05/10 08:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2009/08/13 13:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected](2).jung
[2010/06/14 14:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2008/07/15 19:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\seo4firefox@seobook(2).com
[2009/08/13 13:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\seo4firefox@seobook(3).com
[2010/04/12 16:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2007/03/27 14:47:44 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\searchplugins\siteadvisor.xml
[2010/07/27 16:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/27 14:42:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/27 15:34:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/07/15 19:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Proxybar@Proxy-trash
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/27 15:33:35 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 15:24:32 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/02 13:03:02 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/07/27 17:32:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100514083546.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile) - {D5233FCD-D258-4903-89B8-FB1568E7413D} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (MSN Games Matchmaking)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (MSN Games Game Chat)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168334057234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.eu.black...ls/TOImport.cab (TeamOn Import Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sageuk.webex...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\HPQ1280h.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\HPQ1280h.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5B6CD562-B451-4338-A1DB-0D7929D82601}\Shell - "" = AutoRun
O33 - MountPoints2\{5B6CD562-B451-4338-A1DB-0D7929D82601}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{A9B7B29B-3FEB-4568-B2B7-47F913E81889}\Shell - "" = AutoRun
O33 - MountPoints2\{A9B7B29B-3FEB-4568-B2B7-47F913E81889}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/07/27 20:13:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/27 17:48:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/27 17:27:50 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/07/27 17:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2010/07/27 17:25:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/07/27 17:12:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/27 17:09:38 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010/07/27 16:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenDNS Updater
[2010/07/27 16:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2010/07/27 15:33:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/27 15:33:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/27 15:33:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/27 15:33:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/27 15:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\geekstogo sys restore
[2010/07/27 12:06:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/27 12:05:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/27 12:01:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/27 12:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/27 11:46:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/07/23 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bell Images
[2010/07/22 16:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2010/07/22 13:14:21 | 000,013,824 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\QsFsFltr.sys
[2010/07/22 13:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Iomega
[2010/07/14 08:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/07/12 12:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2010/06/28 17:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/28 17:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/08/11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 30 Days ==========
[2010/07/28 08:51:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/28 08:50:59 | 000,000,742 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/28 08:26:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/07/28 08:26:04 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/28 08:25:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 08:25:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/28 03:39:19 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/28 03:36:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/28 03:36:36 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/28 03:36:14 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\BWWI.job
[2010/07/28 03:36:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 03:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 03:35:54 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 03:24:26 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/28 03:24:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/28 03:24:14 | 004,314,174 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/28 03:03:23 | 000,553,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/28 03:03:23 | 000,479,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/28 03:03:23 | 000,085,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 17:52:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\z5zt5jcg.exe
[2010/07/27 17:48:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/27 17:32:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/27 17:26:09 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2010/07/27 17:25:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/07/27 17:09:40 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010/07/27 17:05:57 | 000,422,091 | ---- | M] () -- C:\Documents and Settings\Administrator\.ranktracker.properties
[2010/07/27 16:42:30 | 000,225,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OpenDNS-Updater-2.2.1.exe
[2010/07/27 15:33:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/27 15:33:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/27 15:33:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/27 15:33:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 15:33:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/27 15:25:22 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/27 14:59:32 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A7BFBBAD-82C4-48E6-AE23-830EC8F01B93}.job
[2010/07/27 14:51:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/27 14:50:29 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_free.exe
[2010/07/27 12:06:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 12:01:28 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/07/27 12:01:28 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/07/27 11:46:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/07/27 09:43:57 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
[2010/07/26 16:34:07 | 000,202,723 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Horizon Pump Clip.jpg
[2010/07/26 14:56:31 | 001,942,236 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Great Bustard.jpg
[2010/07/26 14:56:26 | 001,928,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spire Ale.jpg
[2010/07/26 14:50:26 | 000,025,508 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\stonehenge-pigswill.jpg
[2010/07/26 14:49:41 | 000,031,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\6x-pump-clip.jpg
[2010/07/23 12:07:56 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/23 08:49:44 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/07/22 15:50:02 | 000,176,637 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sales site stuff.zip
[2010/07/20 16:00:12 | 000,442,125 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\afiliate.pdf
[2010/07/19 13:08:20 | 000,000,760 | ---- | M] () -- C:\WINDOWS\cedt.INI
[2010/07/16 14:15:44 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office FrontPage 2003 (2).lnk
[2010/07/16 12:37:07 | 000,053,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\template receipt 100716.pdf
[2010/07/16 10:50:40 | 000,045,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PC World HD.pdf
[2010/07/15 12:49:38 | 001,743,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Bell Images.doc
[2010/07/12 12:45:00 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat.bak
[2010/07/12 12:43:03 | 000,000,058 | ---- | M] () -- C:\WINDOWS\RegDefrag.ini
[2010/07/12 12:25:47 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinASO Registry Optimizer.lnk
[2010/07/03 11:25:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 09:05:30 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/02 09:05:28 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/06/30 08:20:22 | 000,053,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Template Receipt the bell.pdf
[2010/06/28 12:18:17 | 000,047,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Bell Hosting Confirmation.pdf
========== Files Created - No Company Name ==========
[2010/07/27 17:52:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\z5zt5jcg.exe
[2010/07/27 17:26:01 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2010/07/27 16:42:28 | 000,225,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OpenDNS-Updater-2.2.1.exe
[2010/07/27 15:25:22 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/27 14:53:26 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/27 14:41:33 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_free.exe
[2010/07/27 12:06:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 12:01:28 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/07/27 12:01:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/07/27 11:40:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/27 11:34:32 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/27 09:42:34 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
[2010/07/26 16:34:07 | 000,202,723 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Horizon Pump Clip.jpg
[2010/07/26 14:56:30 | 001,942,236 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Great Bustard.jpg
[2010/07/26 14:56:25 | 001,928,595 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spire Ale.jpg
[2010/07/26 14:50:50 | 000,025,508 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\stonehenge-pigswill.jpg
[2010/07/26 14:49:59 | 000,031,040 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\6x-pump-clip.jpg
[2010/07/22 15:50:02 | 000,176,637 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sales site stuff.zip
[2010/07/20 16:00:03 | 000,442,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\afiliate.pdf
[2010/07/16 12:37:04 | 000,053,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\template receipt 100716.pdf
[2010/07/16 10:50:41 | 000,045,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PC World HD.pdf
[2010/07/15 12:49:38 | 001,743,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Bell Images.doc
[2010/07/12 12:43:47 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.new.LOG
[2010/07/12 12:43:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
[2010/07/12 12:25:47 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinASO Registry Optimizer.lnk
[2010/06/30 08:20:14 | 000,053,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Template Receipt the bell.pdf
[2010/06/28 12:18:07 | 000,047,726 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Bell Hosting Confirmation.pdf
[2010/04/28 15:37:44 | 000,000,760 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2010/04/26 10:53:56 | 000,093,184 | RHS- | C] () -- C:\WINDOWS\System32\winfaxe.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/13 18:58:59 | 000,163,927 | ---- | C] () -- C:\WINDOWS\System32\ZSANCoInst.dll
[2007/10/08 12:50:57 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2007/10/08 12:50:57 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/06/05 17:55:05 | 000,000,243 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2007/05/16 16:44:01 | 000,018,764 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/02/23 12:09:49 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/01/11 14:16:02 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/01/11 14:16:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/01/11 14:16:02 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/01/08 13:40:00 | 000,000,742 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/09 13:39:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/09 13:35:29 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/09 13:33:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/03 22:33:54 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/02/24 16:54:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/09/17 21:00:55 | 000,266,327 | ---- | C] () -- C:\WINDOWS\System32\ADErrorHandling.dll
[2002/05/08 10:12:22 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
========== LOP Check ==========
[2008/05/13 09:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AceBIT
[2010/02/22 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACT
[2007/01/08 18:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2010/06/15 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\C8D1D49FF8E60DCC0ED4D06536BF3598
[2007/05/16 16:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\deskPDF
[2008/06/02 09:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileMaker
[2007/03/08 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Good Keywords v2
[2010/06/15 17:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBP
[2007/01/05 09:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Interact Commerce
[2010/02/23 10:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
[2007/01/17 18:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/07/28 09:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2010/07/27 16:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenDNS Updater
[2009/12/07 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2007/05/28 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software
[2009/08/07 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2010/01/20 15:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008/01/23 16:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2009/08/13 13:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YouSendIt
[2008/05/13 09:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AceBIT
[2010/02/22 13:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Act
[2010/07/27 14:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/03/12 15:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/19 14:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/05/28 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/07/22 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2008/12/11 12:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage Software, Inc
[2010/04/28 08:45:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/07/28 08:51:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/07/28 03:36:14 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\BWWI.job
[2010/07/28 03:39:19 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/07/27 14:59:32 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A7BFBBAD-82C4-48E6-AE23-830EC8F01B93}.job
[2010/07/28 08:26:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/07/28 03:35:51 | 000,028,444 | ---- | M] () -- C:\aaw7boot.log
[2008/12/10 13:13:10 | 000,063,425 | ---- | M] () -- C:\ActExtLog.txt
[2010/07/23 08:49:44 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2007/02/23 13:21:09 | 000,466,074 | ---- | M] () -- C:\CIS NRS manual 2007.pdf
[2008/12/16 12:55:23 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/07/28 03:35:54 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2007/01/05 09:29:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/15 18:10:57 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/01/05 09:29:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/04 10:36:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/28 03:35:53 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2007/02/05 19:07:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/02/20 10:18:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/02/20 10:30:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/03/22 10:48:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/04/09 17:05:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/04/10 08:59:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/04/11 08:28:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/04/11 16:20:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/04/13 09:21:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/04/30 09:24:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/05/15 17:26:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/05/16 17:30:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/05/17 09:34:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/05/17 09:52:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/03/14 23:22:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/24 08:21:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/24 08:30:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2007/02/05 19:07:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/02/20 10:18:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/02/20 10:30:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/03/22 10:48:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/04/09 17:05:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/04/10 08:59:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/04/11 08:28:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/04/11 16:20:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/04/13 09:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/04/30 09:24:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/05/15 17:26:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/05/16 17:30:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/05/17 09:34:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/05/17 09:52:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/03/14 23:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/03/14 23:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/24 08:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/24 08:30:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/27 17:29:04 | 000,050,202 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_27.07.2010_17.28.04_log.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/09 14:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/04/26 10:53:56 | 000,093,184 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winfaxe.dll
< %systemroot%\Tasks\*.job /lockedfiles >
[2010/07/28 03:36:14 | 000,000,316 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\BWWI.job
< %systemroot%\System32\config\*.sav >
[2004/08/09 07:20:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 07:20:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 07:20:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-28 02:09:04
< End of report >
OTL Extras logfile created on: 28/07/2010 09:06:41 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,022.00 Mb Total Physical Memory | 306.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 116.30 Gb Free Space | 78.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVEHP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Actinic v8\Catalog.exe" = C:\Program Files\Actinic v8\Catalog.exe:*:Enabled:Catalog - Internet Sales Application -- (Actinic Software Limited)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Business Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Business Broadband Desktop Help Notifier -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1761224D-B108-4921-BB02-5551F7B412F6}" = Google AdWords Editor
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98AD61BF-A229-411A-8723-B5E7F72D725C}" = Opera 10.52
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3672E1B-021F-4F50-A891-609471CCF941}" = NETGEAR Storage Central Manager Utility
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C08E4323-261D-4B2F-8F24-CDB26E2AA081}" = Iomega Home Storage Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21C9D95-DDBA-4962-899D-D1D350186555}" = WISE-FTP 5
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Actinic Catalog v8" = Actinic v8
"Actinic Payment Service Providers v8" = Actinic Payment Service Providers Component v8
"Actinic Shared SSL Service Providers Component v8" = Actinic Shared SSL Service Providers Component V8
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BT Business Broadband Desktop Help" = BT Business Broadband Desktop Help
"Crimson Editor SVN286" = Crimson Editor SVN286
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"Good Keywords v3_is1" = Good Keywords v3 042209
"Google Updater" = Google Updater
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"GSiteCrawler" = GSiteCrawler
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"MagicDisc 2.5.74" = MagicDisc 2.5.74
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.1)" = Mozilla Thunderbird (3.1.1)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"RankTracker" = Rank Tracker
"RealPlayer 6.0" = RealPlayer
"seopowersuite" = Rank Tracker
"SmartSync Pro" = SmartSync Pro
"TUGZip_is1" = TUGZip 3.4
"WebCEO70_is1" = Web CEO 8.1
"WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.452
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22/07/2010 15:04:11 | Computer Name = STEVEHP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1320 (0x528) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP20\A0004087.inf
by C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 23/07/2010 03:37:05 | Computer Name = STEVEHP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 23/07/2010 03:40:14 | Computer Name = STEVEHP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 23/07/2010 04:06:20 | Computer Name = STEVEHP | Source = Application Error | ID = 1000
Description = Faulting application ptrvta.exe, version 6.45.0.874, faulting module
unknown, version 0.0.0.0, fault address 0x001432c8.
Error - 23/07/2010 04:06:21 | Computer Name = STEVEHP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 23/07/2010 04:09:32 | Computer Name = STEVEHP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2264 (0x8d8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\WgaTray.exe
by \??\C:\WINDOWS\system32\winlogon.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 23/07/2010 04:13:20 | Computer Name = STEVEHP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 23/07/2010 04:13:40 | Computer Name = STEVEHP | Source = Application Error | ID = 1000
Description = Faulting application ptrvta.exe, version 6.45.0.874, faulting module
unknown, version 0.0.0.0, fault address 0x001532c8.
Error - 23/07/2010 04:17:40 | Computer Name = STEVEHP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 23/07/2010 04:18:21 | Computer Name = STEVEHP | Source = Application Error | ID = 1000
Description = Faulting application ptrvta.exe, version 6.45.0.874, faulting module
unknown, version 0.0.0.0, fault address 0x001532c8.
[ System Events ]
Error - 27/07/2010 12:21:15 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7000
Description = The QSCopyEngine service failed to start due to the following error:
%%1053
Error - 27/07/2010 12:21:15 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 27/07/2010 12:21:49 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 27/07/2010 12:21:58 | Computer Name = STEVEHP | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 b717a108, parameter2 000000ff, parameter3
00000001, parameter4 80546a19.
Error - 27/07/2010 12:30:23 | Computer Name = STEVEHP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 27/07/2010 12:32:07 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt ZetSFD
Error - 27/07/2010 12:32:08 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).
Error - 27/07/2010 12:32:08 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 27/07/2010 12:32:08 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).
Error - 27/07/2010 12:32:08 | Computer Name = STEVEHP | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
3.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 15:24:59
Windows 5.1.2600 Service Pack 3
Running: z5zt5jcg.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwddypob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7660BFE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7416DC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7416DF2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7416E48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7416D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7416D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7416D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7416DDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7416E1E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7416E72]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7416E5E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7416E32]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP F7416E36 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP F7416E4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP F7416E62 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C05DA 5 Bytes JMP F7416E22 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP F7416D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP F7416D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP F7416E76 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP F7416DE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP F7416DCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP F7416DF6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP F7416DA0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D0B360, 0x24BB1D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FC0000
.text C:\WINDOWS\Explorer.EXE[564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FC0FDB
.text C:\WINDOWS\Explorer.EXE[564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FC001B
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F72
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0F83
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB005B
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0F9E
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FC3
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB0F3C
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0F4D
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB0EFF
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB0F1A
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB0EE4
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB004A
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0078
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB002F
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0014
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0F2B
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E90FCA
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90069
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E9001B
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90058
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E9000A
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E90047
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E90036
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E80069
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E80FDE
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E80033
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E8000C
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E80044
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E60000
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E60FCD
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E7000A
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80040
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80F4B
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D80F72
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D80F83
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80FAF
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80082
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80F3A
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D80EFD
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D80F0E
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D80EE2
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80F9E
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80065
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D80025
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D80F1F
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E4002C
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E4005B
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E40FDB
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E4001B
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC00FA
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FC0
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0011
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F72
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FDB
.text C:\WINDOWS\system32\svchost.exe[2568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00D5
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0F94
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0051
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BB0040
.text C:\WINDOWS\system32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[2568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0FA1
.text C:\WINDOWS\system32\svchost.exe[2568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\svchost.exe[2568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0FC6
.text C:\WINDOWS\system32\svchost.exe[2568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0FE3
.text C:\WINDOWS\system32\svchost.exe[2568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\svchost.exe[2568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0000
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1648] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1648] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
4. The PC is working sporadically; sometimes it just turns off (no BSOD, just like the power is pulled out), and it also keeps locking up.
Update 29/07 - Took a few times to boot, but then worked all day, although it got slower and slower as the day went on, especially Firefox. Would not shut down though; every time it did, it would start up again. Had to take the power cable out in the end.
Update 30/07 - Several times to boot up again, although I have noticed that when I get the message "data execution prevention" related to Psiservice it starts, but when I don't, it seems to reboot itself shortly after the "system has recovered from a serious error" message. Still redirecting too.
Update 31/07 - Only crashed twice while starting up today, but several "windows has recovered from a serious error" messages when it did start; also Firefox is incredibly slow today. CPU keeps going to 100% and fans in PC whirring from various processes.
Edited by admin, 08 August 2010 - 06:25 PM.