
computer very slow and crashes


  • This topic is locked

#1
TheBlackParade

My PC becomes very slow using the internet and can create for some reason a CRASH DUMP ERROR... the pages and applications seem very unresponsive and take a long time to load... Also video graphics constantly crashes after a while... so think might be a possible virus....



OTL logfile created on: 5/12/2011 12:24:47 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brett\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 69.00 Mb Available Physical Memory | 8.00% Memory free
3.00 Gb Paging File | 0.00 Gb Available in Paging File | 14.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 35.78 Gb Free Space | 48.98% Space Free | Partition Type: NTFS

Computer Name: BRETT-PC | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 00:21:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Downloads\OTL.exe
PRC - [2011/04/28 11:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/02/28 16:15:30 | 000,427,008 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/22 19:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/15 18:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/10/01 14:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe
PRC - [2009/10/22 12:50:20 | 000,561,952 | ---- | M] (Apple Inc.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/14 02:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 00:21:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/10/01 14:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/05/27 00:00:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () [Auto | Running] -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe -- (JoinMEUI Assistant Service)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/13 21:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/12/31 14:35:32 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2009/12/31 14:35:28 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2009/12/31 14:35:24 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2009/11/18 11:19:02 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/04/06 10:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 10:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/25 18:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 18:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 18:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 18:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 18:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 18:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 18:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 51 FB 2F 41 84 CA 01 [binary data]
IE - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Online Games Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "http://uk.search.yah...ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 22:43:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/11 23:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 23:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 08:52:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/03/22 11:27:33 | 000,000,000 | ---D | M]

[2009/12/24 03:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett\AppData\Roaming\Mozilla\Extensions
[2011/04/30 09:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions
[2011/02/02 17:04:32 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/10 19:22:58 | 000,000,000 | ---D | M] (Online Games Bar Toolbar) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}
[2010/11/19 21:53:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 23:14:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/30 23:14:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\[email protected]
[2011/03/31 22:30:14 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\[email protected]
[2011/03/28 18:06:08 | 000,000,863 | ---- | M] () -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\searchplugins\conduit.xml
[2010/03/04 16:37:22 | 000,010,017 | ---- | M] () -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\searchplugins\mywebsearch.xml
[2011/02/02 17:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 22:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/19 23:27:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/11 23:41:33 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/19 23:27:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/30 18:52:37 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/02/19 15:43:12 | 000,001,465 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511235028.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1984904580-3524558020-570195183-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [JoinMEUIExec] C:\Program Files\PC Suite\JoinMEUIExec.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1984904580-3524558020-570195183-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1984904580-3524558020-570195183-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1984904580-3524558020-570195183-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1984904580-3524558020-570195183-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-1984904580-3524558020-570195183-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b94b7ba8-31cb-11e0-a75b-001636fe27d7}\Shell - "" = AutoRun
O33 - MountPoints2\{b94b7ba8-31cb-11e0-a75b-001636fe27d7}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 00:21:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brett\Desktop\OTL.exe
[2011/05/11 23:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/17 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\Brett\AppData\Local\{66354E1F-6D47-4F59-B30D-45C68A253EA5}
[2011/04/14 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\Brett\AppData\Local\{6F98EC11-7307-40CE-AAC8-FB62D04450A7}
[2011/04/13 20:35:11 | 000,000,000 | ---D | C] -- C:\Users\Brett\AppData\Local\{01EC963B-2573-493E-8474-EFBFAFECEFD5}
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 00:31:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 00:21:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Desktop\OTL.exe
[2011/05/11 23:49:27 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 23:49:26 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 23:47:50 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/05/11 23:30:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/11 23:30:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 23:30:14 | 703,156,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 08:18:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/05/02 08:18:05 | 138,590,201 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/01 19:01:44 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/05/01 17:50:53 | 000,417,887 | ---- | M] () -- C:\Users\Brett\Desktop\209164_10150456750655424_16855985423_17668882_1174278_o.jpg
[2011/05/01 03:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Brett.job
[2011/04/30 19:19:38 | 000,025,841 | ---- | M] () -- C:\Users\Brett\Desktop\1301470493.076443_7.jpg
[2011/04/28 17:30:14 | 000,702,600 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/04/28 17:30:14 | 000,701,624 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/04/28 17:30:14 | 000,699,362 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/04/28 17:30:14 | 000,697,278 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011/04/28 17:30:14 | 000,684,128 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/04/28 17:30:14 | 000,652,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/28 17:30:14 | 000,625,738 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2011/04/28 17:30:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/28 17:30:14 | 000,456,756 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011/04/28 17:30:14 | 000,441,558 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2011/04/28 17:30:14 | 000,137,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/04/28 17:30:14 | 000,133,074 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/04/28 17:30:14 | 000,132,650 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/04/28 17:30:14 | 000,130,274 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/04/28 17:30:14 | 000,129,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/28 17:30:14 | 000,127,278 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011/04/28 17:30:14 | 000,123,874 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2011/04/28 17:30:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/28 17:30:14 | 000,082,282 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2011/04/28 17:30:14 | 000,077,230 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011/04/28 17:30:13 | 000,470,342 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2011/04/28 17:30:13 | 000,079,938 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2011/04/27 21:00:34 | 001,073,653 | ---- | M] () -- C:\Users\Brett\Desktop\232 018.JPG
[2011/04/27 21:00:28 | 000,633,537 | ---- | M] () -- C:\Users\Brett\Desktop\232 017.JPG
[2011/04/27 21:00:26 | 000,993,373 | ---- | M] () -- C:\Users\Brett\Desktop\232 016.JPG
[2011/04/27 21:00:20 | 000,985,984 | ---- | M] () -- C:\Users\Brett\Desktop\232 015.JPG
[2011/04/27 21:00:16 | 001,003,306 | ---- | M] () -- C:\Users\Brett\Desktop\232 014.JPG
[2011/04/27 21:00:12 | 000,855,459 | ---- | M] () -- C:\Users\Brett\Desktop\232 013.JPG
[2011/04/27 20:23:54 | 000,853,314 | ---- | M] () -- C:\Users\Brett\Desktop\232 012.JPG
[2011/04/27 20:23:48 | 000,911,870 | ---- | M] () -- C:\Users\Brett\Desktop\232 011.JPG
[2011/04/27 20:23:44 | 000,899,878 | ---- | M] () -- C:\Users\Brett\Desktop\232 010.JPG
[2011/04/27 20:23:30 | 000,649,868 | ---- | M] () -- C:\Users\Brett\Desktop\232 009.JPG
[2011/04/27 20:23:18 | 000,658,732 | ---- | M] () -- C:\Users\Brett\Desktop\232 007.JPG
[2011/04/25 11:01:48 | 000,034,240 | ---- | M] () -- C:\Users\Brett\Desktop\stilet_nails1.jpg
[2011/04/22 20:55:43 | 000,020,673 | ---- | M] () -- C:\Users\Brett\Desktop\222157_160275974032192_100001493723284_355596_2628441_n.jpg
[2011/04/22 18:51:02 | 000,107,381 | ---- | M] () -- C:\Users\Brett\Desktop\brett Hampton C.V..pdf
[2011/04/20 19:21:46 | 000,095,853 | ---- | M] () -- C:\Users\Brett\Desktop\anastastia 011.jpg
[2011/04/15 19:49:15 | 000,334,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 19:14:04 | 000,992,821 | ---- | M] () -- C:\Users\Brett\Desktop\Picture07.07.2009 972.jpg
[2011/04/14 17:17:34 | 000,134,309 | ---- | M] () -- C:\Users\Brett\Desktop\anastastia 006.jpg
[2011/04/14 17:14:22 | 000,179,561 | ---- | M] () -- C:\Users\Brett\Documents\5 weeks 020.jpg
[2011/04/13 10:47:01 | 000,025,065 | ---- | M] () -- C:\Users\Brett\Desktop\Mite_030604.jpg
[2011/04/12 10:12:27 | 000,002,228 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 17:49:56 | 000,417,887 | ---- | C] () -- C:\Users\Brett\Desktop\209164_10150456750655424_16855985423_17668882_1174278_o.jpg
[2011/05/01 09:17:44 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/04/30 19:19:30 | 000,025,841 | ---- | C] () -- C:\Users\Brett\Desktop\1301470493.076443_7.jpg
[2011/04/27 21:00:34 | 001,073,653 | ---- | C] () -- C:\Users\Brett\Desktop\232 018.JPG
[2011/04/27 21:00:28 | 000,633,537 | ---- | C] () -- C:\Users\Brett\Desktop\232 017.JPG
[2011/04/27 21:00:26 | 000,993,373 | ---- | C] () -- C:\Users\Brett\Desktop\232 016.JPG
[2011/04/27 21:00:20 | 000,985,984 | ---- | C] () -- C:\Users\Brett\Desktop\232 015.JPG
[2011/04/27 21:00:16 | 001,003,306 | ---- | C] () -- C:\Users\Brett\Desktop\232 014.JPG
[2011/04/27 21:00:12 | 000,855,459 | ---- | C] () -- C:\Users\Brett\Desktop\232 013.JPG
[2011/04/27 20:23:54 | 000,853,314 | ---- | C] () -- C:\Users\Brett\Desktop\232 012.JPG
[2011/04/27 20:23:48 | 000,911,870 | ---- | C] () -- C:\Users\Brett\Desktop\232 011.JPG
[2011/04/27 20:23:44 | 000,899,878 | ---- | C] () -- C:\Users\Brett\Desktop\232 010.JPG
[2011/04/27 20:23:30 | 000,649,868 | ---- | C] () -- C:\Users\Brett\Desktop\232 009.JPG
[2011/04/27 20:23:18 | 000,658,732 | ---- | C] () -- C:\Users\Brett\Desktop\232 007.JPG
[2011/04/25 11:01:44 | 000,034,240 | ---- | C] () -- C:\Users\Brett\Desktop\stilet_nails1.jpg
[2011/04/22 20:55:38 | 000,020,673 | ---- | C] () -- C:\Users\Brett\Desktop\222157_160275974032192_100001493723284_355596_2628441_n.jpg
[2011/04/22 18:50:59 | 000,107,381 | ---- | C] () -- C:\Users\Brett\Desktop\brett Hampton C.V..pdf
[2011/04/20 19:21:29 | 000,095,853 | ---- | C] () -- C:\Users\Brett\Desktop\anastastia 011.jpg
[2011/04/15 19:10:54 | 000,992,821 | ---- | C] () -- C:\Users\Brett\Desktop\Picture07.07.2009 972.jpg
[2011/04/14 17:17:22 | 000,134,309 | ---- | C] () -- C:\Users\Brett\Desktop\anastastia 006.jpg
[2011/04/14 17:13:32 | 000,179,561 | ---- | C] () -- C:\Users\Brett\Documents\5 weeks 020.jpg
[2011/04/13 10:47:07 | 000,025,065 | ---- | C] () -- C:\Users\Brett\Desktop\Mite_030604.jpg
[2011/04/12 10:12:27 | 000,002,228 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/03/21 23:21:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/21 23:18:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/02 18:12:30 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/01/25 23:18:08 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/10/13 15:38:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/26 22:42:38 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/08/24 13:39:25 | 000,166,587 | ---- | C] () -- C:\Windows\hpoins36.dat
[2010/08/24 13:18:27 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/08/19 16:30:17 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/28 20:30:36 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2010/05/28 20:30:36 | 000,323,072 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2010/05/28 20:30:36 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2010/05/26 08:45:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/04 16:41:39 | 000,004,830 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/27 02:53:30 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/27 13:23:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\ricxphac.dll
[2009/12/24 19:33:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/07 09:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/19 20:48:33 | 000,625,738 | ---- | C] () -- C:\Windows\System32\perfh01D.dat
[2009/08/19 20:48:33 | 000,294,764 | ---- | C] () -- C:\Windows\System32\perfi01D.dat
[2009/08/19 20:48:33 | 000,123,874 | ---- | C] () -- C:\Windows\System32\perfc01D.dat
[2009/08/19 20:48:33 | 000,037,052 | ---- | C] () -- C:\Windows\System32\perfd01D.dat
[2009/08/19 19:32:34 | 000,684,128 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2009/08/19 19:32:34 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2009/08/19 19:32:34 | 000,132,650 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2009/08/19 19:32:34 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2009/08/19 19:26:15 | 000,699,362 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2009/08/19 19:26:15 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2009/08/19 19:26:15 | 000,133,074 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2009/08/19 19:26:15 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2009/08/19 19:20:24 | 000,456,756 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2009/08/19 19:20:24 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2009/08/19 19:20:24 | 000,077,230 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2009/08/19 19:20:24 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2009/08/19 19:15:04 | 000,697,278 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2009/08/19 19:15:04 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2009/08/19 19:15:04 | 000,127,278 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2009/08/19 19:15:04 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2009/08/19 19:09:18 | 000,702,600 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/08/19 19:09:18 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/08/19 19:09:18 | 000,130,274 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/08/19 19:09:18 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/08/19 19:03:31 | 000,441,558 | ---- | C] () -- C:\Windows\System32\perfh00B.dat
[2009/08/19 19:03:31 | 000,279,790 | ---- | C] () -- C:\Windows\System32\perfi00B.dat
[2009/08/19 19:03:31 | 000,082,282 | ---- | C] () -- C:\Windows\System32\perfc00B.dat
[2009/08/19 19:03:31 | 000,038,258 | ---- | C] () -- C:\Windows\System32\perfd00B.dat
[2009/08/19 18:58:32 | 000,701,624 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/08/19 18:58:32 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/08/19 18:58:32 | 000,137,196 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/08/19 18:58:32 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/08/19 18:52:44 | 000,652,006 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/08/19 18:52:44 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/08/19 18:52:44 | 000,129,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/08/19 18:52:44 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/08/19 18:47:24 | 000,470,342 | ---- | C] () -- C:\Windows\System32\perfh006.dat
[2009/08/19 18:47:24 | 000,306,636 | ---- | C] () -- C:\Windows\System32\perfi006.dat
[2009/08/19 18:47:24 | 000,079,938 | ---- | C] () -- C:\Windows\System32\perfc006.dat
[2009/08/19 18:47:24 | 000,039,236 | ---- | C] () -- C:\Windows\System32\perfd006.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,334,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/24 10:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2010/01/08 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
[2010/02/05 22:15:25 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Leadertech
[2010/10/13 13:31:30 | 000,000,000 | -HSD | M] -- C:\Users\Brett\AppData\Roaming\lowsec
[2010/02/28 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\NCH Swift Sound
[2010/02/18 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\PlayFirst
[2011/01/30 04:13:44 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Registry Mechanic
[2011/01/26 16:53:23 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Safer Networking
[2010/09/24 12:28:33 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Serif
[2010/02/16 18:36:10 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\SmartDraw
[2011/02/06 11:33:36 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Sony
[2011/02/06 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Sony Setup
[2011/03/30 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\uTorrent
[2010/11/21 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Windows Live Writer
[2011/05/01 03:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Brett.job
[2011/05/01 19:01:44 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/04/25 19:37:26 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/01/25 21:36:38 | 011,284,480 | ---- | M] ()(C:\Users\Brett\13 - ????? ?????.mp3) -- C:\Users\Brett\13 - Белая кошка.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CBB8846C

< End of report >


#2
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, TheBlackParade! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay.

Please tell me why you are blocking these sites:

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com


Please download WVCheck from Artellos.com.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


#3
TheBlackParade


    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi

I have no idea why these sites are being blocked!! They are not done intentionally....

Brett

#4
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. :) Please follow the steps below as I need some fresh logs:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL log
  • Extras log


#5
TheBlackParade


    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi, as requested, all logs are below in correct order... additionally, relevant programs were shut down whilst running logs...

Many thanks for helping me.....






aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 22:22:01

-----------------------------
22:22:01.874 OS Version: Windows 6.1.7601 Service Pack 1
22:22:01.874 Number of processors: 2 586 0xE0C
22:22:01.880 ComputerName: BRETT-PC UserName: Brett
22:24:32.916 Initialize success
22:25:14.713 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:25:14.722 Disk 0 Vendor: TOSHIBA_MK8037GSX DL230M Size: 76319MB BusType: 3
22:25:16.783 Disk 0 MBR read successfully
22:25:16.788 Disk 0 MBR scan
22:25:16.795 Disk 0 Windows 7 default MBR code
22:25:18.802 Disk 0 scanning sectors +156299264
22:25:18.849 Disk 0 scanning C:\Windows\system32\drivers
22:25:49.924 Service scanning
22:25:51.267 Disk 0 trace - called modules:
22:25:51.315 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:25:51.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ba0348]
22:25:51.341 3 CLASSPNP.SYS[88acd59e] -> nt!IofCallDriver -> [0x85aaa400]
22:25:51.349 5 ACPI.sys[8823f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856d2908]
22:25:51.357 Scan finished successfully
22:27:09.227 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
22:27:09.536 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"






OTL logfile created on: 5/17/2011 9:50:17 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brett\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


894.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 20.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 36.07 Gb Free Space | 49.36% Space Free | Partition Type: NTFS

Computer Name: BRETT-PC | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 00:21:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Desktop\OTL.exe
PRC - [2011/02/28 16:15:30 | 000,427,008 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/22 19:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/15 18:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/10/01 14:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 00:21:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/10/01 14:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/05/27 00:00:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () [Auto | Running] -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe -- (JoinMEUI Assistant Service)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/13 21:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/12/31 14:35:32 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2009/12/31 14:35:28 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2009/12/31 14:35:24 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2009/11/18 11:19:02 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/04/06 10:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 10:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/25 18:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 18:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 18:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 18:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 18:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 18:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 18:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 51 FB 2F 41 84 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Online Games Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "http://uk.search.yah...ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 22:43:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/11 23:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 20:58:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 18:13:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/03/22 11:27:33 | 000,000,000 | ---D | M]

[2009/12/24 03:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett\AppData\Roaming\Mozilla\Extensions
[2011/05/16 16:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions
[2011/02/02 17:04:32 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/10 19:22:58 | 000,000,000 | ---D | M] (Online Games Bar Toolbar) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}
[2010/11/19 21:53:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 23:14:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/30 23:14:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\[email protected]
[2011/03/31 22:30:14 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\extensions\[email protected]
[2011/03/28 18:06:08 | 000,000,863 | ---- | M] () -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\searchplugins\conduit.xml
[2010/03/04 16:37:22 | 000,010,017 | ---- | M] () -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aagpj4uq.default\searchplugins\mywebsearch.xml
[2011/02/02 17:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 22:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/19 23:27:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/11 23:41:33 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/05/19 23:27:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/30 18:52:37 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/02/19 15:43:12 | 000,001,465 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110516205813.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [JoinMEUIExec] C:\Program Files\PC Suite\JoinMEUIExec.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b94b7ba8-31cb-11e0-a75b-001636fe27d7}\Shell - "" = AutoRun
O33 - MountPoints2\{b94b7ba8-31cb-11e0-a75b-001636fe27d7}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/16 19:38:52 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Brett\Desktop\aswMBR.exe
[2011/05/14 21:50:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/14 21:50:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/14 21:50:28 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/14 21:50:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/14 21:50:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/14 21:50:28 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/14 21:50:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/14 21:50:28 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/14 21:50:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/14 21:50:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/14 21:50:28 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/14 21:50:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/14 21:50:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/14 21:50:28 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/14 21:50:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/14 21:50:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/14 21:50:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/14 21:50:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/14 21:50:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/14 21:50:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/14 21:50:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/14 21:50:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/14 21:50:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/14 21:50:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/14 21:50:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/14 21:50:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/14 21:50:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/14 21:50:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/14 21:50:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/14 21:50:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/14 21:50:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/14 21:50:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/14 21:50:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/14 21:50:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/14 21:50:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/14 21:50:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/14 21:50:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/14 21:50:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/14 21:50:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/14 12:03:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/14 12:03:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/12 14:54:31 | 000,000,000 | ---D | C] -- C:\Users\Brett\Desktop\Plumbing work
[2011/05/12 09:42:18 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/12 09:42:17 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/12 00:26:43 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/12 00:26:42 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/12 00:21:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brett\Desktop\OTL.exe
[2011/04/27 06:47:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/04/27 06:47:00 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/04/27 06:46:59 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/04/27 06:46:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/04/27 06:46:27 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 06:46:24 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/17 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\Brett\AppData\Local\{66354E1F-6D47-4F59-B30D-45C68A253EA5}
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 09:24:30 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 09:24:29 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 09:20:13 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/05/17 09:19:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 09:19:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 09:19:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/05/17 09:18:56 | 703,156,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 23:15:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 22:27:09 | 000,000,512 | ---- | M] () -- C:\Users\Brett\Desktop\MBR.dat
[2011/05/16 21:08:42 | 000,376,228 | ---- | M] () -- C:\Users\Brett\Desktop\Video call snapshot 2.png
[2011/05/16 20:22:12 | 003,139,514 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7424.JPG
[2011/05/16 20:21:56 | 003,066,496 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7423.JPG
[2011/05/16 20:09:28 | 003,162,201 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7422.JPG
[2011/05/16 20:09:15 | 003,322,726 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7420.JPG
[2011/05/16 20:09:02 | 003,068,265 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7421.JPG
[2011/05/16 20:00:29 | 003,251,526 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7417.JPG
[2011/05/16 20:00:18 | 003,170,879 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7418.JPG
[2011/05/16 19:59:47 | 003,003,244 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7419.JPG
[2011/05/16 19:38:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Brett\Desktop\aswMBR.exe
[2011/05/16 19:17:12 | 002,937,996 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_741533.JPG
[2011/05/16 19:16:48 | 002,831,241 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_741421.JPG
[2011/05/16 19:16:46 | 003,012,152 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7416.JPG
[2011/05/16 19:07:32 | 000,361,916 | ---- | M] () -- C:\Users\Brett\Desktop\241298_1935529901535_1040945150_2233505_5099665_o.jpg
[2011/05/16 19:00:40 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/05/16 18:11:01 | 002,836,755 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_741277.JPG
[2011/05/16 18:10:45 | 003,267,440 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_741177.JPG
[2011/05/16 18:09:15 | 002,864,032 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_74132.JPG
[2011/05/16 18:00:54 | 003,198,479 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_741033.JPG
[2011/05/16 18:00:52 | 003,304,424 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_740922.JPG
[2011/05/16 17:59:35 | 003,140,509 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_740711.JPG
[2011/05/16 17:48:54 | 002,971,111 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7405.JPG
[2011/05/16 17:48:51 | 003,036,849 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7404.JPG
[2011/05/16 17:48:26 | 002,798,139 | ---- | M] () -- C:\Users\Brett\Desktop\IMG_7406.JPG
[2011/05/15 03:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Brett.job
[2011/05/14 21:59:29 | 000,001,425 | ---- | M] () -- C:\Users\Brett\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 21:50:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/14 21:50:28 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/14 21:50:28 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/14 21:50:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/14 21:50:28 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/14 21:50:28 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/14 21:50:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/14 21:50:28 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/14 21:50:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/14 21:50:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/14 21:50:28 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/14 21:50:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/14 21:50:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/14 21:50:28 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/14 21:50:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/14 21:50:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/14 21:50:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/14 21:50:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/14 21:50:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/14 21:50:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/14 21:50:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/14 21:50:28 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/14 21:50:28 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/14 21:50:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/14 21:50:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/14 21:50:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/14 21:50:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/14 21:50:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/14 21:50:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/14 21:50:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/14 21:50:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/14 21:50:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/14 21:50:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/14 21:50:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/14 21:50:28 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/14 21:50:28 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/14 21:50:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/14 21:50:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/14 21:50:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/12 00:21:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Desktop\OTL.exe
[2011/05/10 16:08:40 | 003,485,847 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 316.JPG
[2011/05/09 16:08:30 | 002,996,229 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 225.JPG
[2011/05/09 16:08:30 | 002,923,848 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 226.JPG
[2011/05/09 15:52:06 | 002,708,304 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 167.JPG
[2011/05/09 15:52:06 | 002,642,068 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 168.JPG
[2011/05/09 15:51:54 | 002,813,293 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 165.JPG
[2011/05/09 15:51:54 | 002,673,517 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 166.JPG
[2011/05/08 13:24:34 | 003,113,169 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 020.JPG
[2011/05/08 13:24:02 | 003,275,360 | ---- | M] () -- C:\Users\Brett\Desktop\ChisinauMAY 018.JPG
[2011/05/02 08:18:05 | 138,590,201 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/01 17:50:53 | 000,417,887 | ---- | M] () -- C:\Users\Brett\Desktop\209164_10150456750655424_16855985423_17668882_1174278_o.jpg
[2011/04/28 17:30:14 | 000,702,600 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/04/28 17:30:14 | 000,701,624 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/04/28 17:30:14 | 000,699,362 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/04/28 17:30:14 | 000,697,278 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011/04/28 17:30:14 | 000,684,128 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/04/28 17:30:14 | 000,652,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/28 17:30:14 | 000,625,738 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2011/04/28 17:30:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/28 17:30:14 | 000,456,756 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011/04/28 17:30:14 | 000,441,558 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2011/04/28 17:30:14 | 000,137,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/04/28 17:30:14 | 000,133,074 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/04/28 17:30:14 | 000,132,650 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/04/28 17:30:14 | 000,130,274 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/04/28 17:30:14 | 000,129,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/28 17:30:14 | 000,127,278 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011/04/28 17:30:14 | 000,123,874 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2011/04/28 17:30:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/28 17:30:14 | 000,082,282 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2011/04/28 17:30:14 | 000,077,230 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011/04/28 17:30:13 | 000,470,342 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2011/04/28 17:30:13 | 000,079,938 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2011/04/25 11:01:48 | 000,034,240 | ---- | M] () -- C:\Users\Brett\Desktop\stilet_nails1.jpg
[2011/04/22 20:55:43 | 000,020,673 | ---- | M] () -- C:\Users\Brett\Desktop\222157_160275974032192_100001493723284_355596_2628441_n.jpg
[2011/04/22 18:51:02 | 000,107,381 | ---- | M] () -- C:\Users\Brett\Desktop\brett Hampton C.V..pdf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 22:27:09 | 000,000,512 | ---- | C] () -- C:\Users\Brett\Desktop\MBR.dat
[2011/05/16 21:08:07 | 000,376,228 | ---- | C] () -- C:\Users\Brett\Desktop\Video call snapshot 2.png
[2011/05/16 20:19:24 | 003,139,514 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7424.JPG
[2011/05/16 20:19:24 | 003,066,496 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7423.JPG
[2011/05/16 20:05:55 | 003,322,726 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7420.JPG
[2011/05/16 20:05:55 | 003,162,201 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7422.JPG
[2011/05/16 20:05:55 | 003,068,265 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7421.JPG
[2011/05/16 19:53:02 | 003,251,526 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7417.JPG
[2011/05/16 19:53:02 | 003,170,879 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7418.JPG
[2011/05/16 19:53:02 | 003,003,244 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7419.JPG
[2011/05/16 19:12:42 | 003,012,152 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7416.JPG
[2011/05/16 19:12:42 | 002,937,996 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_741533.JPG
[2011/05/16 19:12:36 | 002,831,241 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_741421.JPG
[2011/05/16 19:07:18 | 000,361,916 | ---- | C] () -- C:\Users\Brett\Desktop\241298_1935529901535_1040945150_2233505_5099665_o.jpg
[2011/05/16 18:04:01 | 003,267,440 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_741177.JPG
[2011/05/16 18:03:46 | 002,836,755 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_741277.JPG
[2011/05/16 18:03:27 | 002,864,032 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_74132.JPG
[2011/05/16 17:49:44 | 003,198,479 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_741033.JPG
[2011/05/16 17:49:39 | 003,140,509 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_740711.JPG
[2011/05/16 17:49:32 | 003,304,424 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_740922.JPG
[2011/05/16 15:52:39 | 003,036,849 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7404.JPG
[2011/05/16 15:52:39 | 002,971,111 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7405.JPG
[2011/05/16 15:52:39 | 002,798,139 | ---- | C] () -- C:\Users\Brett\Desktop\IMG_7406.JPG
[2011/05/14 21:59:29 | 000,001,431 | ---- | C] () -- C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/14 21:50:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/10 16:08:40 | 003,485,847 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 316.JPG
[2011/05/09 16:08:30 | 002,996,229 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 225.JPG
[2011/05/09 16:08:30 | 002,923,848 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 226.JPG
[2011/05/09 15:52:06 | 002,708,304 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 167.JPG
[2011/05/09 15:52:06 | 002,642,068 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 168.JPG
[2011/05/09 15:51:54 | 002,813,293 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 165.JPG
[2011/05/09 15:51:54 | 002,673,517 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 166.JPG
[2011/05/08 13:24:34 | 003,113,169 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 020.JPG
[2011/05/08 13:24:02 | 003,275,360 | ---- | C] () -- C:\Users\Brett\Desktop\ChisinauMAY 018.JPG
[2011/05/01 17:49:56 | 000,417,887 | ---- | C] () -- C:\Users\Brett\Desktop\209164_10150456750655424_16855985423_17668882_1174278_o.jpg
[2011/05/01 09:17:44 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/04/25 11:01:44 | 000,034,240 | ---- | C] () -- C:\Users\Brett\Desktop\stilet_nails1.jpg
[2011/04/22 20:55:38 | 000,020,673 | ---- | C] () -- C:\Users\Brett\Desktop\222157_160275974032192_100001493723284_355596_2628441_n.jpg
[2011/04/22 18:50:59 | 000,107,381 | ---- | C] () -- C:\Users\Brett\Desktop\brett Hampton C.V..pdf
[2011/03/21 23:21:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/21 23:18:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/02 18:12:30 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/01/25 23:18:08 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/10/13 15:38:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/26 22:42:38 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/08/24 13:39:25 | 000,166,587 | ---- | C] () -- C:\Windows\hpoins36.dat
[2010/08/24 13:18:27 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/08/19 16:30:17 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/28 20:30:36 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2010/05/28 20:30:36 | 000,323,072 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2010/05/28 20:30:36 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2010/05/26 08:45:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/04 16:41:39 | 000,004,830 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/27 02:53:30 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/27 13:23:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\ricxphac.dll
[2009/12/24 19:33:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/07 09:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/19 20:48:33 | 000,625,738 | ---- | C] () -- C:\Windows\System32\perfh01D.dat
[2009/08/19 20:48:33 | 000,294,764 | ---- | C] () -- C:\Windows\System32\perfi01D.dat
[2009/08/19 20:48:33 | 000,123,874 | ---- | C] () -- C:\Windows\System32\perfc01D.dat
[2009/08/19 20:48:33 | 000,037,052 | ---- | C] () -- C:\Windows\System32\perfd01D.dat
[2009/08/19 19:32:34 | 000,684,128 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2009/08/19 19:32:34 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2009/08/19 19:32:34 | 000,132,650 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2009/08/19 19:32:34 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2009/08/19 19:26:15 | 000,699,362 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2009/08/19 19:26:15 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2009/08/19 19:26:15 | 000,133,074 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2009/08/19 19:26:15 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2009/08/19 19:20:24 | 000,456,756 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2009/08/19 19:20:24 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2009/08/19 19:20:24 | 000,077,230 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2009/08/19 19:20:24 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2009/08/19 19:15:04 | 000,697,278 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2009/08/19 19:15:04 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2009/08/19 19:15:04 | 000,127,278 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2009/08/19 19:15:04 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2009/08/19 19:09:18 | 000,702,600 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/08/19 19:09:18 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/08/19 19:09:18 | 000,130,274 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/08/19 19:09:18 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/08/19 19:03:31 | 000,441,558 | ---- | C] () -- C:\Windows\System32\perfh00B.dat
[2009/08/19 19:03:31 | 000,279,790 | ---- | C] () -- C:\Windows\System32\perfi00B.dat
[2009/08/19 19:03:31 | 000,082,282 | ---- | C] () -- C:\Windows\System32\perfc00B.dat
[2009/08/19 19:03:31 | 000,038,258 | ---- | C] () -- C:\Windows\System32\perfd00B.dat
[2009/08/19 18:58:32 | 000,701,624 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/08/19 18:58:32 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/08/19 18:58:32 | 000,137,196 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/08/19 18:58:32 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/08/19 18:52:44 | 000,652,006 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/08/19 18:52:44 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/08/19 18:52:44 | 000,129,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/08/19 18:52:44 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/08/19 18:47:24 | 000,470,342 | ---- | C] () -- C:\Windows\System32\perfh006.dat
[2009/08/19 18:47:24 | 000,306,636 | ---- | C] () -- C:\Windows\System32\perfi006.dat
[2009/08/19 18:47:24 | 000,079,938 | ---- | C] () -- C:\Windows\System32\perfc006.dat
[2009/08/19 18:47:24 | 000,039,236 | ---- | C] () -- C:\Windows\System32\perfd006.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,334,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/24 10:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2010/01/08 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
[2010/02/05 22:15:25 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Leadertech
[2010/10/13 13:31:30 | 000,000,000 | -HSD | M] -- C:\Users\Brett\AppData\Roaming\lowsec
[2010/02/28 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\NCH Swift Sound
[2010/02/18 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\PlayFirst
[2011/01/30 04:13:44 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Registry Mechanic
[2011/01/26 16:53:23 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Safer Networking
[2010/09/24 12:28:33 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Serif
[2010/02/16 18:36:10 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\SmartDraw
[2011/02/06 11:33:36 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Sony
[2011/02/06 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Sony Setup
[2011/03/30 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\uTorrent
[2010/11/21 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Windows Live Writer
[2011/05/15 03:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Brett.job
[2011/05/16 19:00:40 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/04/25 19:37:26 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/16 18:13:19 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/16 18:13:19 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/16 18:13:19 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/16 18:12:58 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/16 18:12:58 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/16 18:12:58 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/14 21:50:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/14 21:50:28 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/16 18:13:19 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/16 18:13:19 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/16 18:13:19 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/16 18:12:58 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/16 18:12:58 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/16 18:12:58 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/14 21:50:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/14 21:50:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/14 21:50:28 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2011/01/25 21:36:38 | 011,284,480 | ---- | M] ()(C:\Users\Brett\13 - ????? ?????.mp3) -- C:\Users\Brett\13 - Белая кошка.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CBB8846C

< End of report >








OTL Extras logfile created on: 5/17/2011 9:50:17 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brett\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 20.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 36.07 Gb Free Space | 49.36% Space Free | Partition Type: NTFS

Computer Name: BRETT-PC | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:0\Users\Brett\Desktop\SkypePortable\App\Skype\Phone\Skype.exe" = I:0\Users\Brett\Desktop\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = PC Suite
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3258351-3F6B-4F24-A5B8-C8FFC58DA600}" = Myson Heatloss Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{F3258351-3F6B-4F24-A5B8-C8FFC58DA600}" = Myson Heatloss Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Firefox 4.0b10 (x86 en-US)" = Mozilla Firefox 4.0b10 (x86 en-US)
"MSC" = McAfee Internet Security
"Plumbing Revision1.0" = Plumbing Revision
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Switch" = Switch Sound File Converter
"Totally Free Burner_is1" = Totally Free Burner
"Update Service" = Sony Ericsson Update Service
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2011 2:02:01 PM | Computer Name = Brett-PC | Source = Windows Backup | ID = 4103
Description =

Error - 5/1/2011 2:13:56 PM | Computer Name = Brett-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JoinMEUIExec.exe, version: 0.0.0.0, time
stamp: 0x49b63254 Faulting module name: JoinMEUIExec.exe, version: 0.0.0.0, time
stamp: 0x49b63254 Exception code: 0xc0000417 Fault offset: 0x00002294 Faulting process
id: 0xe04 Faulting application start time: 0x01cc082b85626d22 Faulting application
path: C:\Program Files\PC Suite\JoinMEUIExec.exe Faulting module path: C:\Program
Files\PC Suite\JoinMEUIExec.exe Report Id: c6b33072-741e-11e0-9127-001636fe27d7

Error - 5/1/2011 2:18:44 PM | Computer Name = Brett-PC | Source = VSS | ID = 8194
Description =

Error - 5/1/2011 2:24:45 PM | Computer Name = Brett-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.59.112, time stamp:
0x4d6d325a Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00052d37 Faulting process id:
0x16e8 Faulting application start time: 0x01cc082c734d2271 Faulting application path:
C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 499fd3ba-7420-11e0-9127-001636fe27d7

Error - 5/2/2011 3:19:48 AM | Computer Name = Brett-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JoinMEUIExec.exe, version: 0.0.0.0, time
stamp: 0x49b63254 Faulting module name: JoinMEUIExec.exe, version: 0.0.0.0, time
stamp: 0x49b63254 Exception code: 0xc0000417 Fault offset: 0x00002294 Faulting process
id: 0x904 Faulting application start time: 0x01cc08994eb159ff Faulting application
path: C:\Program Files\PC Suite\JoinMEUIExec.exe Faulting module path: C:\Program
Files\PC Suite\JoinMEUIExec.exe Report Id: 8fb00254-748c-11e0-80bc-001636fe27d7

Error - 5/2/2011 3:24:35 AM | Computer Name = Brett-PC | Source = VSS | ID = 8194
Description =

Error - 5/11/2011 6:30:46 PM | Computer Name = Brett-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JoinMEUIExec.exe, version: 0.0.0.0, time
stamp: 0x49b63254 Faulting module name: JoinMEUIExec.exe, version: 0.0.0.0, time
stamp: 0x49b63254 Exception code: 0xc0000417 Fault offset: 0x00002294 Faulting process
id: 0xc78 Faulting application start time: 0x01cc102b10147e17 Faulting application
path: C:\Program Files\PC Suite\JoinMEUIExec.exe Faulting module path: C:\Program
Files\PC Suite\JoinMEUIExec.exe Report Id: 4ffd3e51-7c1e-11e0-92f1-001636fe27d7

Error - 5/11/2011 6:38:51 PM | Computer Name = Brett-PC | Source = VSS | ID = 8194
Description =

Error - 5/11/2011 6:42:18 PM | Computer Name = Brett-PC | Source = Windows Backup | ID = 4103
Description =

Error - 5/11/2011 7:02:32 PM | Computer Name = Brett-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 12/20/2009 5:48:24 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 9:48:24 PM - Error connecting to the internet. 9:48:24 PM - Unable
to contact server..

Error - 1/21/2010 6:46:36 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 10:46:32 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/5/2010 4:05:30 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 8:05:29 PM - Error connecting to the internet. 8:05:29 PM - Unable
to contact server..

Error - 4/17/2010 4:26:06 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 9:26:06 PM - Error connecting to the internet. 9:26:06 PM - Unable
to contact server..

Error - 4/17/2010 4:26:21 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 9:26:12 PM - Error connecting to the internet. 9:26:12 PM - Unable
to contact server..

Error - 4/17/2010 5:27:11 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 10:27:10 PM - Error connecting to the internet. 10:27:11 PM - Unable
to contact server..

Error - 4/17/2010 5:27:26 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 10:27:16 PM - Error connecting to the internet. 10:27:16 PM - Unable
to contact server..

Error - 11/19/2010 4:15:51 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 8:15:50 PM - Error connecting to the internet. 8:15:50 PM - Unable
to contact server..

Error - 11/19/2010 4:16:04 PM | Computer Name = Brett-PC | Source = MCUpdate | ID = 0
Description = 8:15:56 PM - Error connecting to the internet. 8:15:56 PM - Unable
to contact server..

[ OSession Events ]
Error - 6/1/2010 6:04:29 PM | Computer Name = Brett-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/18/2010 12:11:27 PM | Computer Name = Brett-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2010 6:09:00 PM | Computer Name = Brett-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/16/2011 9:40:28 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 5/16/2011 9:40:28 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 5/16/2011 9:45:57 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7022
Description = The McAfee VirusScan Announcer service hung on starting.

Error - 5/16/2011 9:48:10 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7022
Description = The McAfee Network Agent service hung on starting.

Error - 5/16/2011 9:52:28 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 5/17/2011 4:19:04 AM | Computer Name = Brett-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:34:33 PM on 5/16/2011 was unexpected.

Error - 5/17/2011 4:19:48 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 5/17/2011 4:19:48 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 5/17/2011 4:26:25 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7022
Description = The McAfee Network Agent service hung on starting.

Error - 5/17/2011 4:29:05 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

additionally relevant programs were shutdown whilst running logs

Can you tell me what programs those were?

Please follow these steps:

Step 1

GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message displayed on the screen when using a 64bit Operating System. This is normal; just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Step 2

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


When you have completed the above, please post back the following in the order asked for:
  • GMER log
  • Rootkit Unhooker log


#7
TheBlackParade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, the only processes I completely stopped that I was talking about in the previous email were Skype and Yahoo Messenger, as they usually still hang in the application running tab....

cheers



GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-18 07:13:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8037GSX rev.DL230M
Running: gmer.exe; Driver: C:\Users\Brett\AppData\Local\Temp\kwloqpoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x884B20B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x884B20E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x884B20CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x884B20A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 83052A09 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83072512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!ZwYieldExecution 830BADC2 5 Bytes JMP 884B20A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC21000, 0x23097E, 0xE8000020]
.text autochk.exe 001D1204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 001D120C 1 Byte [00]
.text autochk.exe 001D1210 1 Byte [00]
.text autochk.exe 001D1214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 001D1218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[108] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 0035000A
.text C:\Windows\System32\svchost.exe[108] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 0035002C
.text C:\Windows\System32\svchost.exe[108] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 0035001B
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00150076
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00150EF2
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00150F0D
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00150FCA
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00150F83
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 0015005B
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00150040
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 0015000A
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00150FE5
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 001500A2
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00150091
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00150FB9
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00150FA8
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00150F4D
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 0015001B
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00150F28
.text C:\Windows\System32\svchost.exe[108] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00150F5E
.text C:\Windows\System32\svchost.exe[108] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 0024000C
.text C:\Windows\System32\svchost.exe[108] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 0024007A
.text C:\Windows\System32\svchost.exe[108] msvcrt.dll!system 76E2B16F 5 Bytes JMP 0024005F
.text C:\Windows\System32\svchost.exe[108] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00240FEF
.text C:\Windows\System32\svchost.exe[108] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00240044
.text C:\Windows\System32\svchost.exe[108] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 0024001D
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 001F0FE5
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 001F0036
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 001F0047
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 001F0FA5
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 001F0000
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 001F0F80
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 001F001B
.text C:\Windows\System32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 001F0FCA
.text C:\Windows\System32\svchost.exe[108] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[468] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 004B0FEF
.text C:\Windows\system32\svchost.exe[468] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 004B001B
.text C:\Windows\system32\svchost.exe[468] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 004B000A
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 002B0076
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 002B00C0
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 002B0F2B
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 002B002C
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 002B005B
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 002B0F83
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 002B0F94
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 002B0FEF
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 002B0F10
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 002B0F3C
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 002B0FC0
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 002B0FA5
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 002B0F4D
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 002B001B
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 002B009B
.text C:\Windows\system32\svchost.exe[468] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 002B0F72
.text C:\Windows\system32\svchost.exe[468] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 002D0FEF
.text C:\Windows\system32\svchost.exe[468] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 002D0036
.text C:\Windows\system32\svchost.exe[468] msvcrt.dll!system 76E2B16F 5 Bytes JMP 002D001B
.text C:\Windows\system32\svchost.exe[468] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 002D0FC6
.text C:\Windows\system32\svchost.exe[468] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 002D0FAB
.text C:\Windows\system32\svchost.exe[468] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 002C002F
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 002C0051
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 002C0040
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 002C0014
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 002C0062
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 002C0FB9
.text C:\Windows\system32\svchost.exe[468] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 002C0FD4
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 000A0000
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 000A0FD4
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00090087
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 000900E9
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 000900D8
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00090FC3
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 0009005B
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00090036
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00090F83
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00090FEF
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00090000
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00090F39
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 000900A2
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00090F9E
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00090025
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00090F68
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00090FD4
.text C:\Windows\system32\services.exe[620] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 000900B3
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 0009006C
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00140000
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 0014005D
.text C:\Windows\system32\services.exe[620] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00140FD2
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 0014001D
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00140038
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 00140FE3
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 000F001B
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 000F0036
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 000F0F8A
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 000F0047
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 000F000A
.text C:\Windows\system32\services.exe[620] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00410000
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00090000
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00090FDE
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00090FEF
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00080065
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00080F1A
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 000800AF
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00080FC0
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00080F57
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00080F68
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00080F83
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00080011
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00080000
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 000800CA
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00080F2B
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00080FA5
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00080F94
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00080F3C
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00080FDB
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00080094
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 0008004A
.text C:\Windows\system32\lsass.exe[668] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 000B0000
.text C:\Windows\system32\lsass.exe[668] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\lsass.exe[668] msvcrt.dll!system 76E2B16F 5 Bytes JMP 000B0055
.text C:\Windows\system32\lsass.exe[668] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 000B0029
.text C:\Windows\system32\lsass.exe[668] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 000B0044
.text C:\Windows\system32\lsass.exe[668] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 000A0000
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 000A0047
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 000A006C
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 000A0FCA
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 000A0011
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 000A0087
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 000A002C
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 000A0FE5
.text C:\Windows\system32\lsass.exe[668] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00760FEF
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00280025
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00280FEF
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 002700CA
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 002700F6
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00270F6B
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00270036
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 0027008A
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00270FA8
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00270065
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00270011
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00270000
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00270F46
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 002700DB
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00270FCA
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00270FB9
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 002700A5
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00270FE5
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00270F7C
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00270F97
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 002E0000
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 002E0062
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!system 76E2B16F 5 Bytes JMP 002E003D
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 002E0022
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 002E0FCD
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 002E0011
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 002D0036
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 002D0F94
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 002D0FAF
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 002D001B
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 002D0F79
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 002D0FC0
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 002D0FDB
.text C:\Windows\system32\svchost.exe[788] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 002F0FEF
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00370FCA
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00370FE5
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 002200C1
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 76C5204D 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00220F51
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 002200E6
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 0022002C
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00220084
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00220073
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00220FB6
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00220011
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00220F36
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00220F87
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 0022003D
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00220058
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 002200B0
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00220FDB
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00220F6C
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00220095
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00390FA1
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00390FB2
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00390FDE
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00390FC3
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 00390018
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 00380036
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00380FAF
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00380051
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00380000
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 00380076
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 0038001B
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00380FCA
.text C:\Windows\system32\svchost.exe[868] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00420000
.text C:\Windows\System32\svchost.exe[980] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 008F0000
.text C:\Windows\System32\svchost.exe[980] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 008F0FE5
.text C:\Windows\System32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 008F0011
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 008A009E
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 008A00D4
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 008A0F49
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 008A0FDE
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 008A0F86
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 008A0F97
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 008A005E
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 008A001B
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 008A0000
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 008A00EF
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 008A0F5A
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 008A0FCD
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 008A0FB2
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 008A0083
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 008A0FEF
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 008A00B9
.text C:\Windows\System32\svchost.exe[980] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 008A0F75
.text C:\Windows\System32\svchost.exe[980] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 009B0000
.text C:\Windows\System32\svchost.exe[980] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 009B0FB9
.text C:\Windows\System32\svchost.exe[980] msvcrt.dll!system 76E2B16F 5 Bytes JMP 009B0044
.text C:\Windows\System32\svchost.exe[980] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 009B0FE5
.text C:\Windows\System32\svchost.exe[980] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 009B0FD4
.text C:\Windows\System32\svchost.exe[980] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 009B0029
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00960FEF
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 0096001E
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00960F97
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 0096002F
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00960FDE
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 0096004A
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00960FB2
.text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00960FCD
.text C:\Windows\System32\svchost.exe[980] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00A60FEF
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00A00FEF
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00A0000A
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00A00FD4
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 009B00A9
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 009B0115
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 009B00F0
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 009B0FE5
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 009B0FC0
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 009B0098
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 009B0087
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 009B001B
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 009B0000
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 009B0126
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 009B00BA
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 009B005B
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 009B006C
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 009B0F8A
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 009B0036
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 009B00DF
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 009B0F9B
.text C:\Windows\System32\svchost.exe[1036] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00B10FEF
.text C:\Windows\System32\svchost.exe[1036] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00B10F9C
.text C:\Windows\System32\svchost.exe[1036] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00B10FB7
.text C:\Windows\System32\svchost.exe[1036] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00B10FC8
.text C:\Windows\System32\svchost.exe[1036] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00B1001D
.text C:\Windows\System32\svchost.exe[1036] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 00B1000C
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00AF0000
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 00AF0FCA
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00AF005B
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00AF0FB9
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00AF001B
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 00AF0FA8
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00AF0040
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00AF0FEF
.text C:\Windows\System32\svchost.exe[1036] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00B20000
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00E5002F
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00E5000A
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00A500A6
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00A500CB
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00A50F36
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00A50025
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00A50084
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00A50073
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00A50062
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00A50FE5
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00A50000
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00A500DC
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00A50F62
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00A50036
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00A50051
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00A50095
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00A50FD4
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00A50F51
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00A50F91
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00E60000
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00E6005A
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00E60FCF
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00E6002E
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00E6003F
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 00E6001D
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00AE0FEF
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 00AE0F94
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00AE002C
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00AE001B
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00AE0FD4
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 00AE0F6F
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00AE0000
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00AE0FB9
.text C:\Windows\system32\svchost.exe[1064] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00EB0000
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00910FDE
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 008B0F3C
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 008B009B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 008B0F10
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 008B0FCD
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 008B0043
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 008B0F6B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 008B0F7C
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 008B0FDE
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 008B0EF5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 008B0F2B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 008B0FA8
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 008B0F97
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 008B0065
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 008B0014
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 008B0080
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 008B0054
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00920FE3
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00920064
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00920049
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 0092001D
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 0092002E
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 0092000C
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 008C0033
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 008C005F
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 008C004E
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 008C0011
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 008C0FAC
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 008C0022
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 008C0FD1
.text C:\Windows\system32\svchost.exe[1224] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00930000
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 008E0FE5
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 008E000A
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 008E0FD4
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00320F49
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 003200B9
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00320F24
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00320036
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00320F86
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00320F97
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00320FA8
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00320FE5
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00320000
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 003200CA
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 0032008D
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00320FCA
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00320FB9
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00320F5A
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 0032009E
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00320F6B
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 008F0038
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 76E2B16F 5 Bytes JMP 008F0027
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 008F0FD2
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 008F0FB7
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 008F000C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 00890FB9
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00890F9E
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00890040
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 0089005B
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00890FD4
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00890025
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00900FEF
.text C:\Windows\system32\svchost.exe[1652] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 01230000
.text C:\Windows\system32\svchost.exe[1652] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 0123001B
.text C:\Windows\system32\svchost.exe[1652] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 01230FDB
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 011C0F5E
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 011C00D8
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 011C00BD
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 011C0FCA
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 011C0073
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 011C0062
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 011C0047
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 011C0025
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 011C0000
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 011C00F3
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 011C0F43
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 011C0036
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 011C0FA5
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 011C0F6F
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 011C0FE5
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 011C00AC
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 011C0F8A
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 01220000
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 01220042
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!system 76E2B16F 5 Bytes JMP 0122001D
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 01220FC8
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 01220FAD
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 01220FEF
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 0121000A
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 01210047
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 01210FB9
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 01210FCA
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 0121001B
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 0121006C
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 01210036
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 01210FE5
.text C:\Windows\system32\svchost.exe[1652] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 01240FEF
.text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 0019009E
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 001900DB
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00190F50
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00190014
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00190F86
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00190F97
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 0019004A
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00190FDE
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 001900EC
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 001900B9
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00190FB2
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00190039
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00190F75
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00190FC3
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 001900CA
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00190083
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 001B0047
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!system 76E2B16F 5 Bytes JMP 001B0036
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 001B0FC6
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 001B0FD7
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 001A0058
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 001A0084
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 001A0073
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 001A0011
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 001A009F
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 001A0047
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 001A002C
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1908] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 6DF19A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1908] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 6DF19AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 0022000A
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00220036
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 0022001B
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 001B0F43
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 001B00A9
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 001B0098
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 001B0FB6
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 001B0F79
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 001B0051
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 001B0F8A
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 001B0011
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 001B0000
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 001B0F03
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 001B0087
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 001B0FA5
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 001B002C
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 001B0F5E
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 001B0FD1
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 001B0F1E
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 001B0062
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 001D0000
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 001D0FA3
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!system 76E2B16F 5 Bytes JMP 001D0FC8
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 001D0027
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 001D0038
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 001D0FE3
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 001C0000
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 001C0FB6
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 001C003D
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 001C0F9B
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 001C0FE5
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 001C0058
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 001C0022
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 001C0011
.text C:\Windows\System32\svchost.exe[1988] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 0023000A
.text C:\Windows\Explorer.EXE[2744] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 01C8000A
.text C:\Windows\Explorer.EXE[2744] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 01C80FD4
.text C:\Windows\Explorer.EXE[2744] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 01C80FE5
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 01C50065
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 01C500AC
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 01C5009B
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 01C5000A
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 01C50F4D
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 01C5002F
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 01C50F68
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 01C50FCA
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 01C50FE5
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 01C500C7
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 01C50080
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 01C50F9E
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 01C50F83
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 01C50054
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 01C50FAF
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 01C50F21
.text C:\Windows\Explorer.EXE[2744] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 01C50F3C
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 01C6000A
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 01C60051
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 01C60FD4
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 01C60076
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 01C60FEF
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 01C60FB9
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 01C60040
.text C:\Windows\Explorer.EXE[2744] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 01C60025
.text C:\Windows\Explorer.EXE[2744] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 01C70000
.text C:\Windows\Explorer.EXE[2744] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 01C70FA3
.text C:\Windows\Explorer.EXE[2744] msvcrt.dll!system 76E2B16F 5 Bytes JMP 01C70038
.text C:\Windows\Explorer.EXE[2744] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 01C70FD9
.text C:\Windows\Explorer.EXE[2744] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 01C70FC8
.text C:\Windows\Explorer.EXE[2744] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 01C7001D
.text C:\Windows\Explorer.EXE[2744] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 01C90FEF
.text C:\Windows\Explorer.EXE[2744] WININET.dll!InternetOpenA 77014E2B 5 Bytes JMP 06050000
.text C:\Windows\Explorer.EXE[2744] WININET.dll!InternetOpenUrlA 7701BFCE 5 Bytes JMP 06050022
.text C:\Windows\Explorer.EXE[2744] WININET.dll!InternetOpenW 7704C03E 5 Bytes JMP 06050011
.text C:\Windows\Explorer.EXE[2744] WININET.dll!InternetOpenUrlW 7707D722 5 Bytes JMP 06050033
.text C:\Windows\system32\svchost.exe[3376] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[3376] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00040FDB
.text C:\Windows\system32\svchost.exe[3376] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 0001009F
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00010F1B
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00010F36
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00010FDB
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00010F00
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00010F5B
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 0001008E
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 000100B0
.text C:\Windows\system32\svchost.exe[3376] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 0001007D
.text C:\Windows\system32\svchost.exe[3376] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[3376] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00070069
.text C:\Windows\system32\svchost.exe[3376] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[3376] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3376] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00070044
.text C:\Windows\system32\svchost.exe[3376] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 0007001D
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 0008001E
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00080F97
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00080039
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 0008005E
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00080FB2
.text C:\Windows\system32\svchost.exe[3376] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00080FCD
.text C:\Windows\system32\svchost.exe[3376] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00180FEF
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3640] USER32.dll!RegisterMessagePumpHook + 2F1 75DB8B9E 7 Bytes JMP 002228D0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3640] USER32.dll!PostMessageW + 43A 75DC48B5 7 Bytes JMP 00222780 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3640] USER32.dll!SetDlgItemTextA + 25 75DD709F 7 Bytes JMP 002228B0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3640] USER32.dll!MessageBoxIndirectA + F5 75E0E95E 7 Bytes JMP 00222920 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3640] USER32.dll!MessageBoxIndirectW + 61 75E0E9C4 7 Bytes JMP 002229F0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3640] USER32.dll!MessageBoxExA + 1F 75E0E9E8 7 Bytes JMP 002229A0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Windows\system32\svchost.exe[3676] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[3676] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00040025
.text C:\Windows\system32\svchost.exe[3676] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 000100A5
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00010F3C
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00010F4D
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00010FBC
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00010F86
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00010054
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00010043
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00010F17
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 000100B6
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00010FA1
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00010032
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00010094
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00010FCD
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 000100C7
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00010079
.text C:\Windows\system32\svchost.exe[3676] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[3676] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 000E002C
.text C:\Windows\system32\svchost.exe[3676] msvcrt.dll!system 76E2B16F 5 Bytes JMP 000E0011
.text C:\Windows\system32\svchost.exe[3676] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 000E0FBC
.text C:\Windows\system32\svchost.exe[3676] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 000E0FAB
.text C:\Windows\system32\svchost.exe[3676] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 000E0FE3
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 002C0FB6
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 002C0F94
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 002C0FA5
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 002C0FE5
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 002C0051
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 002C002C
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 002C001B
.text C:\Windows\system32\svchost.exe[3676] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[3924] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3924] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[3924] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00010F06
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 0001009B
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00010F8D
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 000100B6
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00010F21
.text C:\Windows\system32\svchost.exe[3924] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00010F57
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!_wsystem 76E2B04F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00070053
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00070042
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00070FD2
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00070027
.text C:\Windows\system32\svchost.exe[3924] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 000C0FE5
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 000C002C
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 000C0FAF
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 000C0051
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 000C0F94
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 000C0FC0
.text C:\Windows\system32\svchost.exe[3924] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 000C001B
.text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00040000
.text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00040FDB
.text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00040011
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00010062
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 00010084
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00010EEF
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00010FC0
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00010F68
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00010040
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00010F83
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00010011
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00010ED4
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00010F1E
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00010051
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00010FD1
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00010073
.text C:\Windows\System32\svchost.exe[4104] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00010F43
.text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 000E000C
.text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 000E0044
.text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!system 76E2B16F 5 Bytes JMP 000E0FB9
.text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 000E0FDE
.text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 000E0033
.text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 000E0FEF
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 000F0FDB
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 000F0FC0
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 000F0062
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 000F001B
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 000F0FA5
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 000F0047
.text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 000F0036
.text C:\Windows\System32\svchost.exe[4192] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[4192] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00080FCD
.text C:\Windows\System32\svchost.exe[4192] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 00080FDE
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00010F6F
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 000100B3
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 00010F14
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 00010FC0
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 0001006C
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00010F94
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00010047
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 000100C4
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00010F54
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 0001002C
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 00010098
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00010F2F
.text C:\Windows\System32\svchost.exe[4192] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 00010087
.text C:\Windows\System32\svchost.exe[4192] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 0012000C
.text C:\Windows\System32\svchost.exe[4192] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 00120FA8
.text C:\Windows\System32\svchost.exe[4192] msvcrt.dll!system 76E2B16F 5 Bytes JMP 00120FB9
.text C:\Windows\System32\svchost.exe[4192] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 00120FDE
.text C:\Windows\System32\svchost.exe[4192] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 00120029
.text C:\Windows\System32\svchost.exe[4192] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 00120FEF
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00130FE5
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 00130028
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00130F7C
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00130FA1
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00130FD4
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 00130F61
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00130FB2
.text C:\Windows\System32\svchost.exe[4192] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00130FC3
.text C:\Windows\System32\svchost.exe[4192] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 00370000
.text C:\Windows\System32\svchost.exe[4192] WININET.dll!InternetOpenA 77014E2B 5 Bytes JMP 00460FEF
.text C:\Windows\System32\svchost.exe[4192] WININET.dll!InternetOpenUrlA 7701BFCE 5 Bytes JMP 00460025
.text C:\Windows\System32\svchost.exe[4192] WININET.dll!InternetOpenW 7704C03E 5 Bytes JMP 00460014
.text C:\Windows\System32\svchost.exe[4192] WININET.dll!InternetOpenUrlW 7707D722 5 Bytes JMP 00460036
.text C:\Windows\System32\svchost.exe[4232] ntdll.dll!NtCreateFile 776A55C8 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[4232] ntdll.dll!NtCreateProcess 776A5698 5 Bytes JMP 00040FD4
.text C:\Windows\System32\svchost.exe[4232] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 0004000A
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!GetStartupInfoA 76C51E10 5 Bytes JMP 00010F43
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreateProcessW 76C5204D 5 Bytes JMP 000100C7
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreateProcessA 76C52082 5 Bytes JMP 000100AC
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreateNamedPipeW 76C8270F 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!VirtualProtect 76C92341 5 Bytes JMP 00010F68
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!LoadLibraryExW 76C94775 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!LoadLibraryExW 76C94775 5 Bytes JMP 00010F79
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!LoadLibraryExA 76C947FA 5 Bytes JMP 00010F94
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreateFileW 76C9CC56 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreateFileA 76C9CEE8 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!GetProcAddress 76CA33D3 5 Bytes JMP 00010F17
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!GetStartupInfoW 76CA3891 5 Bytes JMP 00010F32
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!LoadLibraryA 76CA395C 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!LoadLibraryW 76CA3C01 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreatePipe 76CB35B7 5 Bytes JMP 0001006C
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!CreateNamedPipeA 76CDD44F 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!WinExec 76CDE5FD 5 Bytes JMP 00010091
.text C:\Windows\System32\svchost.exe[4232] kernel32.dll!VirtualProtectEx 76CDF5D9 5 Bytes JMP 0001005B
.text C:\Windows\System32\svchost.exe[4232] msvcrt.dll!_open 76DF7E48 5 Bytes JMP 000E0FEF
.text C:\Windows\System32\svchost.exe[4232] msvcrt.dll!_wsystem 76E2B04F 5 Bytes JMP 000E0F86
.text C:\Windows\System32\svchost.exe[4232] msvcrt.dll!system 76E2B16F 5 Bytes JMP 000E001B
.text C:\Windows\System32\svchost.exe[4232] msvcrt.dll!_creat 76E2ED29 5 Bytes JMP 000E0FAB
.text C:\Windows\System32\svchost.exe[4232] msvcrt.dll!_wcreat 76E3038E 5 Bytes JMP 000E0000
.text C:\Windows\System32\svchost.exe[4232] msvcrt.dll!_wopen 76E30570 5 Bytes JMP 000E0FC6
.text C:\Windows\System32\svchost.exe[4232] WS2_32.dll!socket 777B3EB8 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegOpenKeyA 76D3CC15 5 Bytes JMP 00140000
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegCreateKeyA 76D3CD01 5 Bytes JMP 00140FAF
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegCreateKeyExA 76D41469 5 Bytes JMP 00140F8A
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegCreateKeyW 76D41514 5 Bytes JMP 00140036
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegOpenKeyW 76D42459 5 Bytes JMP 00140FE5
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegCreateKeyExW 76D440FE 5 Bytes JMP 00140F79
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegOpenKeyExW 76D4468D 5 Bytes JMP 00140011
.text C:\Windows\System32\svchost.exe[4232] ADVAPI32.dll!RegOpenKeyExA 76D44907 5 Bytes JMP 00140FCA

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 10058
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0D0309FC-D555-4E11-B9BE-25478E062530@IPAddress 127.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{778BC1D6-ED40-11DE-9BD2-806E6F6E6963} 8836226760

---- EOF - GMER 1.0.15 ----

....................

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x82009000 C:\Windows\system32\DRIVERS\lvuvc.sys 6750208 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x8FC20000 C:\Windows\system32\DRIVERS\atikmdag.sys 6193152 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x8301D000 C:\Windows\system32\ntoskrnl.exe 4206592 bytes (Microsoft Corporation, NT Kernel & System)
0x8301D000 PnpManager 4206592 bytes
0x8301D000 RAW 4206592 bytes
0x8301D000 WMIxWDM 4206592 bytes
0x928D0000 Win32k 2416640 bytes
0x928D0000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88822000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x884DC000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8FA18000 C:\Windows\system32\DRIVERS\athr.sys 1232896 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8D4F8000 C:\Windows\system32\DRIVERS\AGRSM.sys 1073152 bytes (LSI Corp, SoftModem Device Driver)
0x90208000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x886BD000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x88109000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x94C10000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D6CF000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88029000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x881B4000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8F95B000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88649000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8847F000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x8F829000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x94DDE000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x8D460000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x94D8E000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D631000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x90302000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x882F5000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88233000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x82738000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8D40B000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x880C7000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F8FA000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x826A8000 C:\Windows\system32\DRIVERS\lvrs.sys 262144 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x889D9000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88774000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D754000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x902BF000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83420000 ACPI_HAL 225280 bytes
0x83420000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8843A000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FBAD000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88A6A000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x88BC6000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8896C000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D4B0000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88355000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x88A25000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8860B000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8828C000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x88399000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x8899D000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x88AAD000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x887B2000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8D60D000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x88000000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x827D5000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8FB45000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x94CB1000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8F9E5000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88B50000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x88B04000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9035C000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8F88A000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x92B60000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x826F3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x82679000 C:\Windows\system32\DRIVERS\lvpopflt.sys 110592 bytes (Logitech Inc., Logitech AudioProcessing Filter Driver)
0x8D78F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8270E000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x827AA000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D4DF000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x94E41000 C:\Users\Brett\AppData\Local\Temp\kwloqpoc.sys 102400 bytes
0x8F9BF000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9037B000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8FC00000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8FB67000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FB7F000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FB96000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x88BAF000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8D6B8000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x94D6D000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x88383000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x82694000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x88636000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x88B23000 C:\Windows\system32\DRIVERS\MOBK.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0x8278E000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F8D6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x883C3000 00000219 73728 bytes
0x903D9000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8FA06000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x827C3000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x883C3000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x88A9C000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D6A7000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8846E000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D44F000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x882C1000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x880AE000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x903AD000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 69632 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver )
0x8F8E9000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8F8A9000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x82728000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88A52000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8277E000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x882E5000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9034D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8F9D7000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8F8BA000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8F8C8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88BA1000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88347000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x886A6000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FBE1000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88225000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x903CC000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8D686000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90393000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D600000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x903A0000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x94D3C000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88B71000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x94E35000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x8F94F000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x889C4000 C:\Windows\system32\drivers\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x88B44000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x882DA000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8D693000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x94D83000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x826E8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x88B96000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x903EB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x882B6000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8D67C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F945000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8F93B000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x903F6000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x94CA7000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x902F8000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x903BE000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x883DE000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x94E5E000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x883D5000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8D69E000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x886B4000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x94E6B000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x92B30000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x889D0000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8827B000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x880BF000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x882D2000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x88A62000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCB000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88284000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88B7E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88B86000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88B8E000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x88A1D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88B3D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x88B36000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88340000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8F883000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8FC18000 C:\Windows\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0x94E30000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x88A18000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x903C8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8FC1E000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D5FE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x94CFCF2E Unknown thread object [ ETHREAD 0x871FDD48 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please try this now:

Download fresh AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

We will run a virus scan only
  • On the first tab select all elements down to and including Computer and then select start scan (1)
  • Once it has finished select report (2) and post that.

  • Please be patient as this scan could take a long time to complete.
  • Click on Exit to uninstall AVP tool. You may need to restart your computer after that.

  • 0

#9
TheBlackParade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ran the virus programme, found some trojans and deleted them... but for some reason it didn't delete all, as in the log it mentioned about DETECTED not DELETED?...





Autoscan: completed 15113 days ago (events: 15, objects: 571506, time: 03:44:09)
5/18/2011 5:49:56 PM Task started

5/18/2011 6:40:55 PM Detected: Trojan-Downloader.Java.Agent.af C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-44a9621a/Downloader.class

5/18/2011 6:41:35 PM Detected: Trojan-Downloader.Java.Agent.ff C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63305a1f-1e6eca16/AppleT.class

5/18/2011 6:43:48 PM Deleted: Trojan-Downloader.Java.Agent.af C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-44a9621a/Downloader.class

5/18/2011 6:43:48 PM Deleted: Trojan-Downloader.Java.Agent.ff C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63305a1f-1e6eca16/AppleT.class

5/18/2011 6:43:49 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/________vload.class

5/18/2011 6:43:49 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-574e357c/vmain.class

5/18/2011 6:47:31 PM Deleted: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/________vload.class

5/18/2011 6:47:31 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/vmain.class

5/18/2011 6:47:32 PM Deleted: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-574e357c/vmain.class

5/18/2011 6:47:48 PM Deleted: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/vmain.class

5/18/2011 7:57:23 PM Processing error C:\Documents and Settings\Brett\Downloads\iTunesSetup.exe/data0008.res Read error

5/18/2011 7:57:24 PM Task stopped

5/18/2011 8:01:04 PM Task started

5/18/2011 11:45:17 PM Task completed
  • 0
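The Detected/Deleted question in the report above can be settled by pairing the events per object path. The following is an added example, not part of the original thread or of AVP Tool; the function names are hypothetical and the line layout is inferred from the posted report.

```python
import re
from datetime import datetime

# Lines copied from the AVP Tool report posted above. The layout the regexes
# expect is inferred from that report, not taken from a documented format.
SAMPLE_REPORT = r"""
5/18/2011 5:49:56 PM Task started
5/18/2011 6:40:55 PM Detected: Trojan-Downloader.Java.Agent.af C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-44a9621a/Downloader.class
5/18/2011 6:41:35 PM Detected: Trojan-Downloader.Java.Agent.ff C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63305a1f-1e6eca16/AppleT.class
5/18/2011 6:43:48 PM Deleted: Trojan-Downloader.Java.Agent.af C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-44a9621a/Downloader.class
5/18/2011 6:43:48 PM Deleted: Trojan-Downloader.Java.Agent.ff C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63305a1f-1e6eca16/AppleT.class
5/18/2011 6:43:49 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/________vload.class
5/18/2011 6:43:49 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-574e357c/vmain.class
5/18/2011 6:47:31 PM Deleted: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/________vload.class
5/18/2011 6:47:31 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/vmain.class
5/18/2011 6:47:32 PM Deleted: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-574e357c/vmain.class
5/18/2011 6:47:48 PM Deleted: Exploit.Java.Agent.bu C:\Documents and Settings\Brett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-69ee45b5/vmain.class
5/18/2011 7:57:23 PM Processing error C:\Documents and Settings\Brett\Downloads\iTunesSetup.exe/data0008.res Read error
5/18/2011 7:57:24 PM Task stopped
5/18/2011 8:01:04 PM Task started
5/18/2011 11:45:17 PM Task completed
"""

TS = r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
EVENT = re.compile("^" + TS + r" (?P<kind>Detected|Deleted): (?P<verdict>\S+) (?P<path>.+)$")
ERROR = re.compile("^" + TS + r" Processing error (?P<detail>.+)$")


def parse_ts(text):
    """Parse the report's M/D/YYYY h:mm:ss AM/PM timestamp."""
    return datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")


def reconcile(report):
    """Map each reported object to its verdict and its latest Detected/Deleted time."""
    objects = {}
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        key = m["path"].lower()  # Windows paths are case-insensitive
        state = objects.setdefault(
            key, {"path": m["path"], "verdict": m["verdict"], "detected": None, "deleted": None}
        )
        field = "detected" if m["kind"] == "Detected" else "deleted"
        state[field] = parse_ts(m["ts"])
    return objects


def still_present(report):
    """Paths whose latest detection has no deletion at or after it."""
    pending = []
    for state in reconcile(report).values():
        det, dele = state["detected"], state["deleted"]
        if det is not None and (dele is None or dele < det):
            pending.append(state["path"])
    return pending


def processing_errors(report):
    """Objects the scanner could not read, so they were not fully scanned."""
    return [m["detail"] for m in map(ERROR.match, report.strip().splitlines()) if m]


if __name__ == "__main__":
    print("objects reported:", len(reconcile(SAMPLE_REPORT)))
    print("detected but not deleted:", still_present(SAMPLE_REPORT))
    print("not scanned:", processing_errors(SAMPLE_REPORT))
```

Run against the report above, every detection is followed by a deletion of the same path; the only object left unexamined is the one behind the "Processing error" line.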

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please run AVP Tool one more time and post report. If you've already uninstalled it then download it again please.
  • 0



#11
TheBlackParade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, the scan was run and didn't show any trojans or anything....

Thanks for that.... initially you asked why I was blocking these sites below: - any idea why my system is doing that?... Thanks


Please tell me why are you blocking these sites:
Quote
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
  • 0

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Those entries in the hosts file are there to block access to the activation and registration servers for Adobe and Microsoft products. Usually this is an indication of pirated software. But you don't have any payable Adobe product installed and your Win 7 seems legit.

Now, please tell me how your computer is running now. Is it still slow and unstable?
  • 0
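A hosts file can be audited for this kind of entry by listing every non-local name that resolves to a loopback or unspecified address. This is an added example, not part of the original thread or of any tool named in it; the function names are hypothetical and the sample file is constructed from a few of the names quoted above.

```python
import ipaddress

# Constructed hosts-file content: ordinary entries mixed with a few of the
# names from the O1 lines quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 activate.adobe.com practivate.adobe.com   # two names on one line
0.0.0.0 ereg.adobe.com
192.168.1.20 nas.home.lan
not-an-ip example.test
"""

# Names that are expected to point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
LOG_PREFIX = "O1 - Hosts:"  # prefix used by the scan-log lines quoted above


def sinkholed_names(hosts_text):
    """Return the sorted non-local hostnames mapped to loopback or 0.0.0.0/::."""
    found = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith(LOG_PREFIX):          # accept scan-log form too
            line = line[len(LOG_PREFIX):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:                  # one line may carry several names
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                found.add(name)
    return sorted(found)


def group_by_parent(names, labels=2):
    """Group names by their last `labels` labels (naive, no public-suffix list)."""
    groups = {}
    for name in names:
        parent = ".".join(name.split(".")[-labels:])
        groups.setdefault(parent, []).append(name)
    return groups


if __name__ == "__main__":
    for parent, names in group_by_parent(sinkholed_names(SAMPLE_HOSTS)).items():
        print(parent, "->", ", ".join(names))
```

Grouping by parent domain makes it easy to see which vendor's servers the entries cut off, which is what the helper inferred by eye.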

#13
TheBlackParade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes, seems to be running ok and hasn't crashed or created a crash dump error so far with a blue screen and switching itself off... can still take a little time when booting up to use programs when at desktop but seems better etc (probably due to the laptop being 5 years old)...

One issue I have always found, that happened earlier today again, is when I am playing videos: if I try and put on full screen sometimes the programme crashes, not sure if it's a plugin or something untoward or whether my graphics card has issues.... I did try and update the driver but it does say I have the latest one!...

Otherwise it's all good - Thank you so much so far for your help, I really appreciate it!!!
  • 0

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

One issue I have always found, that happened earlier today again, is when I am playing videos: if I try and put on full screen sometimes the programme crashes, not sure if it's a plugin or something untoward or whether my graphics card has issues.... I did try and update the driver but it does say I have the latest one!...

What program are you using for playing video files? Also, are you having some problems with your keyboard?

can still take a little time when booting up to use programs when at desktop but seems better etc

These programs below start to run automatically on system boot. We can disable some of them if you really don't need them.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [JoinMEUIExec] C:\Program Files\PC Suite\JoinMEUIExec.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
  • 0

#15
TheBlackParade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The programme for video, if I have it correct, is DirectX, or am I completely wrong??.. and yes, when the video card seems to crash the keyboard takes a while to become responsive....

In relation to the startup... the only programme out of those I generally use is Yahoo Messenger, the others I do not....

really thanks for your help again

Brett
  • 0





