 [Resolved] Possible Rootkit/trojan trouble, Need some analysis |
Welcome! Register for a free account (or login) > How does it work?
|
|
 Jan 26 2010, 09:06 AM
Post
#1
|
|
|
New Member  Group: Authentic Member Posts: 15 Joined: 1-December 04 Member No.: 19,304  |
I recently had this problem with my computer and now I find the same behavior with my wife's machine. Problem: Shortly after startup there is a notice that the services and controller app has encountered a problem and needs to close. Then a window appears warning me that the computer will restart in 60 seconds. Sometimes this does not come up, but when that happens the computer functions but is unstable, and then whenever you try to shut it down it starts up on its own. I know from my previous trouble that I can prevent the shutdown and give myself time to work on the computer by running "shutdown -a" from the RUN box. I have done that. I also went ahead and ran GMER and OTL, as suggested by whatthe tech when I had this problem before. I am pasting the logs below. If someone could direct me where to go next, I would be grateful GMER: GMER 1.0.15.15163 - http://www.gmer.net Rootkit scan 2010-01-24 21:57:12 Windows 5.1.2600 Service Pack 2 Running: gmer.exe; Driver: C:\DOCUME~1\angie13\LOCALS~1\Temp\uxtdrpod.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEDC1978A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEDC19821] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEDC19738] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEDC1974C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEDC19835] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEDC19861] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEDC198CF] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEDC198B9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEDC197CA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEDC198FB] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEDC1980D] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEDC19710] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEDC19724] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEDC1979E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEDC19937] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEDC198A3] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEDC1988D] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEDC1984B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEDC19923] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEDC1990F] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEDC19776] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEDC19762] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEDC19877] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEDC197F9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEDC198E5] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEDC197E0] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEDC197B4] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 805021FC 7 Bytes JMP EDC197B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 8056DF7C 5 Bytes JMP EDC1978E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 805A70D6 7 Bytes JMP EDC197CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A7EEC 5 Bytes JMP EDC197E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805AD66E 7 Bytes JMP EDC197A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 805C0DD6 5 Bytes JMP EDC19714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 805C1062 5 Bytes JMP EDC19728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3894 5 Bytes JMP EDC19766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C6E90 7 Bytes JMP EDC19750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 805C6F46 5 Bytes JMP EDC1973C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 805C7450 5 Bytes JMP EDC1977A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8726 5 Bytes JMP EDC197FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryValueKey 80617F32 7 Bytes JMP EDC19891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 80618280 5 Bytes JMP EDC19913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetValueKey 80618538 7 Bytes JMP EDC1987B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnloadKey 80618800 7 Bytes JMP EDC198E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80619046 7 Bytes JMP EDC198A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRenameKey 8061989E 7 Bytes JMP EDC1984F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateKey 80619E78 5 Bytes JMP EDC19825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteKey 8061A308 7 Bytes JMP EDC19839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A4D8 7 Bytes JMP EDC19865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwEnumerateKey 8061A6B8 7 Bytes JMP EDC198D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061A922 7 Bytes JMP EDC198BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwOpenKey 8061B20E 5 Bytes JMP EDC19811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryKey 8061B532 7 Bytes JMP EDC1993B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 8061BA58 5 Bytes JMP EDC19927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061BB72 5 Bytes JMP EDC198FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\spoolsv.exe[324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012B2FBB .text C:\WINDOWS\system32\spoolsv.exe[324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 012B2F86 .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 012B1CE5 .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 012B1BC3 .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 012B2CC9 .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 012B2BFF .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 012B2E21 .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 012B2E3B .text C:\WINDOWS\system32\spoolsv.exe[324] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 012B1C54 .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A02FBB .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A02F86 .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00A01CE5 .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00A01BC3 .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00A02CC9 .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00A02BFF .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00A02E21 .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00A02E3B .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[380] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00A01C54 .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015B2FBB .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015B2F86 .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 015B1CE5 .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 015B1BC3 .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 015B2CC9 .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 015B2BFF .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 015B2E21 .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 015B2E3B .text C:\Program Files\McAfee\MPF\MPFSrv.exe[456] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 015B1C54 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A0000 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007A0073 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A0062 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007A0051 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A0F94 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A0036 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007A0F46 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007A008E .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007B2FBB .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007B2F86 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007A00CE .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007A0FB9 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007A0011 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007A0F63 .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 007A0FCA .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 007A0FDB .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007A0F2B .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00750025 .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00750F7C .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00750FD4 .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0075000A .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00750F8D .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00750FEF .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00750F9E .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [95, 88] .text C:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00750FAF .text C:\WINDOWS\system32\svchost.exe[460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00740042 .text C:\WINDOWS\system32\svchost.exe[460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00740FB7 .text C:\WINDOWS\system32\svchost.exe[460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0074001D .text C:\WINDOWS\system32\svchost.exe[460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00740FEF .text C:\WINDOWS\system32\svchost.exe[460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00740FC8 .text C:\WINDOWS\system32\svchost.exe[460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0074000C .text C:\WINDOWS\system32\svchost.exe[460] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00720FE5 .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 0073001B .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 007B1CE5 .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 0073000A .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 0073002C .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 007B1BC3 .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 007B2CC9 .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00730FD9 .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 007B2BFF .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 007B2E21 .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 007B2E3B .text C:\WINDOWS\system32\svchost.exe[460] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 007B1C54 .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01682FBB .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01682F86 .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01681CE5 .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01681BC3 .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 01682CC9 .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01682BFF .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01682E21 .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01682E3B .text C:\Program Files\McAfee\MSK\MskSrver.exe[576] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01681C54 .text C:\WINDOWS\system32\HPZipm12.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A02FBB .text C:\WINDOWS\system32\HPZipm12.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A02F86 .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00A01CE5 .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00A01BC3 .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00A02CC9 .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00A02BFF .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00A02E21 .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00A02E3B .text C:\WINDOWS\system32\HPZipm12.exe[636] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00A01C54 .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00822FBB .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00822F86 .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00821CE5 .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00821BC3 .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00822CC9 .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00822BFF .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00822E21 .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00822E3B .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00821C54 .text C:\Program Files\Bonjour\mDNSResponder.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00852FBB .text C:\Program Files\Bonjour\mDNSResponder.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00852F86 .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00851CE5 .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00851BC3 .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00852CC9 .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00852BFF .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00852E21 .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00852E3B .text C:\Program Files\Bonjour\mDNSResponder.exe[808] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00851C54 .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009C0000 .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009C0F7B .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009C007A .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009C005F .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009C0FAC .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009C003D .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009C00A8 .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009C008B .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A52FBB .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A52F86 .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009C0F05 .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009C004E .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009C0FDB .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009C0F6A .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009C002C .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009C001B .text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009C00B9 .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0FCA .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F6F .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0011 .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0000 .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009B0F94 .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009B0FE5 .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 009B0036 .text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009B0FB9 .text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0069 .text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A004E .text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A002C .text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000 .text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A003D .text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0011 .text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00990FEF .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetOpenW 771BAEED 5 Bytes JMP 00B60025 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00A51CE5 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetOpenA 771C573E 5 Bytes JMP 00B6000A .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00B60036 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00A51BC3 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00A52CC9 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00B60047 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00A52BFF .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00A52E21 .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00A52E3B .text C:\WINDOWS\system32\svchost.exe[812] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00A51C54 .text C:\WINDOWS\system32\winlogon.exe[848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01452FBB .text C:\WINDOWS\system32\winlogon.exe[848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01452F86 .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01451CE5 .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01451BC3 .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 01452CC9 .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01452BFF .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01452E21 .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01452E3B .text C:\WINDOWS\system32\winlogon.exe[848] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01451C54 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01060FEF .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 010600BF .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 010600AE .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01060093 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01060076 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01060040 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 010600F5 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01060FB9 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011F2FBB .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011F2F86 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01060F48 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0106005B .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0106000A .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 010600DA .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01060FD4 .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0106001B .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01060106 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01050FC3 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01050F83 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01050014 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01050FD4 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01050040 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01050FEF .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0105002F .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01050FA8 .text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D30053 .text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D30038 .text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D30FD2 .text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D3000C .text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D30027 .text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D30FE3 .text C:\WINDOWS\system32\lsass.exe[908] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CE0000 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetOpenW 771BAEED 5 Bytes JMP 01300000 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 011F1CE5 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetOpenA 771C573E 5 Bytes JMP 01300FE5 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 01300011 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 011F1BC3 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 011F2CC9 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 01300FB4 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 011F2BFF .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 011F2E21 .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 011F2E3B .text C:\WINDOWS\system32\lsass.exe[908] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 011F1C54 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E42FBB .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E42F86 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00E41CE5 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00E41BC3 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 00E42CC9 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00E42BFF .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00E42E21 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00E42E3B .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[940] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00E41C54 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F52FBB .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F52F86 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00F51CE5 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00F51BC3 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 00F52CC9 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00F52BFF .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00F52E21 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00F52E3B .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1036] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00F51C54 .text C:\WINDOWS\system32\Ati2evxx.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EC2FBB .text C:\WINDOWS\system32\Ati2evxx.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EC2F86 .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00EC1CE5 .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00EC1BC3 .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00EC2CC9 .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00EC2BFF .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00EC2E21 .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00EC2E3B .text C:\WINDOWS\system32\Ati2evxx.exe[1088] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00EC1C54 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE0FEF .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0093 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE0F9E .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE006C .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE005B .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0FAF .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE00D5 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE00B8 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF2FBB .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF2F86 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CE0F57 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CE0036 .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CE0FDE .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CE0F8D .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CE001B .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CE000A .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CE00E6 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0FCA .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD004A .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0025 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0FEF .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00CD0F8D .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00CD000A .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00CD0F9E .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ED, 88] .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00CD0FB9 .text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0031 .text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0F9C .text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FC8 .text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0000 .text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0FB7 .text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0FE3 .text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B30FE5 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetOpenW 771BAEED 5 Bytes JMP 00D00025 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00CF1CE5 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetOpenA 771C573E 5 Bytes JMP 00D0000A .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00D00FE3 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00CF1BC3 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00CF2CC9 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00D00040 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00CF2BFF .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00CF2E21 .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00CF2E3B .text C:\WINDOWS\system32\svchost.exe[1104] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00CF1C54 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B70FEF .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B70F83 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B70F94 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B70062 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B70051 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B70036 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B70F66 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B700AE .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00942FBB .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00942F86 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B700EE .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B70FAF .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B70FDE .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B7009D .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B70025 .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B7000A .text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B700C9 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B60FC3 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B60054 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B6000A .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B60FD4 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B60F97 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B60FE5 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00B60039 .text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B60FB2 .text C:\WINDOWS\system32\svchost.exe[1184] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50044 .text C:\WINDOWS\system32\svchost.exe[1184] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50029 .text C:\WINDOWS\system32\svchost.exe[1184] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B50018 .text C:\WINDOWS\system32\svchost.exe[1184] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B50FEF .text C:\WINDOWS\system32\svchost.exe[1184] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B50FB9 .text C:\WINDOWS\system32\svchost.exe[1184] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B50FDE .text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B40000 .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetOpenW 771BAEED 5 Bytes JMP 00950FDE .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00941CE5 .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetOpenA 771C573E 5 Bytes JMP 00950FEF .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00950FB7 .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00941BC3 .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00942CC9 .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 0095000A .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00942BFF .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00942E21 .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00942E3B .text C:\WINDOWS\system32\svchost.exe[1184] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00941C54 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007B2FBB .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007B2F86 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 007B1CE5 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 007B1BC3 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 007B2CC9 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 007B2BFF .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 007B2E21 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 007B2E3B .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 007B1C54 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A00FEF .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A00084 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A00073 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A00062 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A00051 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A00FAF .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A000B2 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A00095 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A12FBB .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A12F86 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A000F2 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A00036 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A0000A .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A00F74 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A0001B .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A00FD4 .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A00F4F .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0025 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F72 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FD4 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F000A .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009F0F8D .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009F0FEF .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 009F0F9E .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [BF, 88] .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009F0FAF .text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E004E .text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E003D .text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FD7 .text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0000 .text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0022 .text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0011 .text C:\WINDOWS\system32\svchost.exe[1416] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009D0000 .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetOpenW 771BAEED 5 Bytes JMP 00B20FEF .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00A11CE5 .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetOpenA 771C573E 5 Bytes JMP 00B2000A .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00B20FDE .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00A11BC3 .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00A12CC9 .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00B2002F .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00A12BFF .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00A12E21 .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00A12E3B .text C:\WINDOWS\system32\svchost.exe[1416] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00A11C54 .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01742FBB .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01742F86 .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01741CE5 .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01741BC3 .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 01742CC9 .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01742BFF .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01742E21 .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01742E3B .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1460] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01741C54 .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02E92FBB .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02E92F86 .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 02E91CE5 .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 02E91BC3 .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 02E92CC9 .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 02E92BFF .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 02E92E21 .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 02E92E3B .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1548] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 02E91C54 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00142FBB .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00142F86 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00141CE5 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00141BC3 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00142CC9 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00142BFF .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00142E21 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00142E3B .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1588] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00141C54 .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02F62FBB .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02F62F86 .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 02F61CE5 .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 02F61BC3 .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 02F62CC9 .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 02F62BFF .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 02F62E21 .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 02F62E3B .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1648] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 02F61C54 .text C:\WINDOWS\system32\wdfmgr.exe[1664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00922FBB .text C:\WINDOWS\system32\wdfmgr.exe[1664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00922F86 .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00921CE5 .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00921BC3 .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00922CC9 .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00922BFF .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00922E21 .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00922E3B .text C:\WINDOWS\system32\wdfmgr.exe[1664] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00921C54 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007F0FEF .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007F0F81 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007F0076 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007F0FA8 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007F005B .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007F0040 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007F009D .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007F0F55 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A32FBB .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A32F86 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007F00D3 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007F0FB9 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007F000A .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007F0F70 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 007F0025 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 007F0FD4 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007F0F3A .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007E0FDE .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007E0087 .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007E002F .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007E0FEF .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007E0076 .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007E0000 .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 007E0065 .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007E0054 .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007D0027 .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!system 77C293C7 5 Bytes JMP 007D0016 .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007D0FC1 .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007D0FE3 .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007D0FA6 .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007D0FD2 .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0FEF .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetOpenW 771BAEED 5 Bytes JMP 00B40FE5 .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00A31CE5 .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetOpenA 771C573E 5 Bytes JMP 00B4000A .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00B4001B .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00A31BC3 .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00A32CC9 .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00B40038 .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00A32BFF .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00A32E21 .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00A32E3B .text C:\WINDOWS\system32\svchost.exe[1672] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00A31C54 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015F2FBB .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015F2F86 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 015F1CE5 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 015F1BC3 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 015F2CC9 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 015F2BFF .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 015F2E21 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 015F2E3B .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1708] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 015F1C54 .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00322FBB .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00322F86 .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00321CE5 .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00321BC3 .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00322CC9 .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00322BFF .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00322E21 .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00322E3B .text C:\Program Files\Microsoft Office\Office\OSA.EXE[1736] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00321C54 .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE2FBB .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE2F86 .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00BE1CE5 .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00BE1BC3 .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00BE2CC9 .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00BE2BFF .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00BE2E21 .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00BE2E3B .text C:\Program Files\Creative\Shared Files\CTSched.exe[1748] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00BE1C54 .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CC2FBB .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CC2F86 .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00CC1CE5 .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00CC1BC3 .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00CC2CC9 .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00CC2BFF .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00CC2E21 .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00CC2E3B .text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[1776] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00CC1C54 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007C2FBB .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007C2F86 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 007C1CE5 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 007C1BC3 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 007C2CC9 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 007C2BFF .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 007C2E21 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 007C2E3B .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2128] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 007C1C54 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D12FBB .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D12F86 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00D11CE5 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00D11BC3 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00D12CC9 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00D12BFF .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00D12E21 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00D12E3B .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2168] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00D11C54 .text C:\WINDOWS\system32\dwwin.exe[2176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AC2FBB .text C:\WINDOWS\system32\dwwin.exe[2176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AC2F86 .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!InternetCloseHandle 771C4D3C 5 Bytes JMP 00AC1CE5 .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!HttpSendRequestA 771C60C9 5 Bytes JMP 00AC1BC3 .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!InternetReadFile 771C827C 5 Bytes JMP 00AC2CC9 .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00AC2BFF .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!InternetReadFileExA 771F868E 5 Bytes JMP 00AC2E21 .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!InternetReadFileExW 771F90DE 8 Bytes JMP 00AC2E3B .text C:\WINDOWS\system32\dwwin.exe[2176] WININET.DLL!HttpSendRequestW 772123AC 5 Bytes JMP 00AC1C54 .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01012FBB .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01012F86 .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01011CE5 .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01011BC3 .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 01012CC9 .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01012BFF .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01012E21 .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01012E3B .text C:\Program Files\Logitech\Video\FxSvr2.exe[2480] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01011C54 .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01522FBB .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01522F86 .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01521CE5 .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01521BC3 .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 01522CC9 .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01522BFF .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01522E21 .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01522E3B .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2532] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01521C54 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF2FBB .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF2F86 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00CF1CE5 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00CF1BC3 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00CF2CC9 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00CF2BFF .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00CF2E21 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00CF2E3B .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2928] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00CF1C54 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00152FBB .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00152F86 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00151CE5 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00151BC3 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 00152CC9 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00152BFF .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00152E21 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00152E3B .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[2984] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00151C54 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01572FBB .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01572F86 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01571CE5 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01571BC3 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 01572CC9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01572BFF .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01572E21 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01572E3B .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3012] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01571C54 .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E22FBB .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E22F86 .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00E21CE5 .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00E21BC3 .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00E22CC9 .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00E22BFF .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00E22E21 .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00E22E3B .text C:\Program Files\HP\QuickPlay\QPService.exe[3096] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00E21C54 .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DF2FBB .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DF2F86 .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00DF1CE5 .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00DF1BC3 .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 00DF2CC9 .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00DF2BFF .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00DF2E21 .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00DF2E3B .text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[3160] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00DF1C54 .text C:\Program Files\iPod\bin\iPodService.exe[3188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CB2FBB .text C:\Program Files\iPod\bin\iPodService.exe[3188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CB2F86 .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00CB1CE5 .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00CB1BC3 .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00CB2CC9 .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00CB2BFF .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00CB2E21 .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00CB2E3B .text C:\Program Files\iPod\bin\iPodService.exe[3188] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00CB1C54 .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01382FBB .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01382F86 .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01381CE5 .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01381BC3 .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 01382CC9 .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01382BFF .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01382E21 .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01382E3B .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3228] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01381C54 .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 016C2FBB .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 016C2F86 .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 016C1CE5 .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 016C1BC3 .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 016C2CC9 .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 016C2BFF .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 016C2E21 .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 016C2E3B .text C:\WINDOWS\system32\LVCOMSX.EXE[3288] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 016C1C54 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 010F2FBB .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 010F2F86 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 010F1CE5 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 010F1BC3 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 010F2CC9 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 010F2BFF .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 010F2E21 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 010F2E3B .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3328] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 010F1C54 .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012F2FBB .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 012F2F86 .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 012F1CE5 .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 012F1BC3 .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 012F2CC9 .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 012F2BFF .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 012F2E21 .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 012F2E3B .text C:\Program Files\Logitech\Video\LogiTray.exe[3420] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 012F1C54 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01262FBB .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01262F86 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01261CE5 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01261BC3 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 01262CC9 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 01262BFF .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 01262E21 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 01262E3B .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3712] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01261C54 .text C:\Program Files\iTunes\iTunesHelper.exe[3752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 09F12FBB .text C:\Program Files\iTunes\iTunesHelper.exe[3752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 09F12F86 .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 09F11CE5 .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 09F11BC3 .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 09F12CC9 .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 09F12BFF .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 09F12E21 .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 09F12E3B .text C:\Program Files\iTunes\iTunesHelper.exe[3752] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 09F11C54 .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015F2FBB .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015F2F86 .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 015F1CE5 .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 015F1BC3 .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 015F2CC9 .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 015F2BFF .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 015F2E21 .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 015F2E3B .text C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe[3816] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 015F1C54 .text C:\WINDOWS\V0415Mon.exe[3836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BC2FBB .text C:\WINDOWS\V0415Mon.exe[3836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BC2F86 .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00BC1CE5 .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00BC1BC3 .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00BC2CC9 .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00BC2BFF .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00BC2E21 .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00BC2E3B .text C:\WINDOWS\V0415Mon.exe[3836] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00BC1C54 .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BF2FBB .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BF2F86 .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00BF1CE5 .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00BF1BC3 .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 00BF2CC9 .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00BF2BFF .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00BF2E21 .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00BF2E3B .text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[3892] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00BF1C54 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FE5 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A009F .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A008E .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A007D .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A006C .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FD4 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00D0 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F88 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F52 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00EB .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0F41 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A005B .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0000 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F99 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0040 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0025 .text C:\WINDOWS\explorer.exe[3916] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F6D .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00280FB9 .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0028004A .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0028000A .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00280FD4 .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00280039 .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00280FEF .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00280F8D .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [48, 88] .text C:\WINDOWS\explorer.exe[3916] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00280F9E .text C:\WINDOWS\explorer.exe[3916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F92 .text C:\WINDOWS\explorer.exe[3916] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FA3 .text C:\WINDOWS\explorer.exe[3916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029001D .text C:\WINDOWS\explorer.exe[3916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290000 .text C:\WINDOWS\explorer.exe[3916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FC8 .text C:\WINDOWS\explorer.exe[3916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FEF .text C:\WINDOWS\explorer.exe[3916] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 002B000A .text C:\WINDOWS\explorer.exe[3916] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 002B0FEF .text C:\WINDOWS\explorer.exe[3916] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 002B0FDE .text C:\WINDOWS\explorer.exe[3916] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 002B0FC3 .text C:\WINDOWS\explorer.exe[3916] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003C0FEF .text C:\Program Files\Skype\Phone\Skype.exe[4052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03482FBB .text C:\Program Files\Skype\Phone\Skype.exe[4052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03482F86 .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 03481CE5 .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 03481BC3 .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 03482CC9 .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 03482BFF .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 03482E21 .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 03482E3B .text C:\Program Files\Skype\Phone\Skype.exe[4052] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 03481C54 .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 010A2FBB .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 010A2F86 .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 010A1CE5 .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 010A1BC3 .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 010A2CC9 .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 010A2BFF .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 010A2E21 .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 010A2E3B .text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[4072] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 010A1C54 .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00142FBB .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00142F86 .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00141CE5 .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00141BC3 .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 00142CC9 .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00142BFF .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00142E21 .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00142E3B .text C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe[4560] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00141C54 .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00142FBB .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00142F86 .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00141CE5 .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00141BC3 .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00142CC9 .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00142BFF .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00142E21 .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00142E3B .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4668] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00141C54 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00152FBB .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00152F86 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00151CE5 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00151BC3 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00152CC9 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00152BFF .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00152E21 .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00152E3B .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4728] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00151C54 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00142FBB .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00142F86 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00141CE5 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00141BC3 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00142CC9 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00142BFF .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00142E21 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00142E3B .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5508] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00141C54 .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 00142FBB .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00142F86 .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 00141CE5 .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 00141BC3 .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!InternetReadFile 771C827C 5 Bytes JMP 00142CC9 .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 00142BFF .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!InternetReadFileExA 771F868E 5 Bytes JMP 00142E21 .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!InternetReadFileExW 771F90DE 8 Bytes JMP 00142E3B .text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[5712] wininet.dll!HttpSendRequestW 772123AC 5 Bytes JMP 00141C54 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG04.00.00.01SERVER 4E5160FCD1F67281D0B08AB1798E69BAD1147E13547311A7BAC3CEB1C824DA25D73412E96CDE0EE2 0A6CB6D923494765CAF930E40AAD448F00ED6D4EB2C48BC5FEBC9E127BECC74CFEBC9E127BECC74CF EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9 C6AECB7A5D14075D575E7D6A3B9808FEBC9E127BECC74C9F5B5EFC7D2826EE55051DBD49156B69AD2 F7567026086A9B6D3039AFB559F88E19967A7908D0CACD5D4CAA7D5B56E20931C219A2C6F288369E9 3FA91A331ACDBBCF4D647AD0B195923770197979CC7485B363BF5D566CF3EBE9C1E9A639AC8AE17C3 951FB509F2D1D917DE3E274E6EB13E412765206A41EE96A626E0C5041A7407F2C13488B75BDBEAD35 5E33632DCF018155E4B910BA6FC5E64F4C2605D2CEF39BF8518A29E152F23AB05F81A1A6AEC841AB3 5B6AA289395BD8A1E4385F2EF517BC3B6DEF0ABBA684659C258B2ED57953C63145F32FC7DA0B3E984 2928C4BDDEAA0AF45750AB0C03C7F06B33BA30E0497323B5BF25DB63E770172010E280AFD4191A3EF 7D7CF1D591A8ABB0706B1A2F5C6634CD6A6FBBF1A7E8F1922517402A39B15C9393C188BB8F78E1FB7 81463BE6FE7093957C2A501E4D251880B4FDB16DEA735489D61A379E05387F21BED90B17446BC9E69 244178CB1FDCE3FF0138388A27F9D48240143414596CE10726A3 ---- EOF - GMER 1.0.15 ---- OTL.TXT: OTL logfile created on: 1/26/2010 8:35:59 AM - Run 1 OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\angie13\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 894.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 25.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 83.74 Gb Total Space | 49.70 Gb Free Space | 59.35% Space Free | Partition Type: NTFS Drive D: | 8.39 Gb Total Space | 1.33 Gb Free Space | 15.81% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE Current User Name: angie13 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\angie13\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies) PRC - C:\Documents and Settings\angie13\Application Data\Dropbox\bin\Dropbox.exe () PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Program Files\McAfee\MSC\mcupdui.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.) PRC - C:\WINDOWS\V0415Mon.exe (Creative Technology Ltd.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd) PRC - C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (Yahoo! Inc.) PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard ) PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) PRC - C:\Program Files\HPQ\shared\HpqToaster.exe () PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.) PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>) PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE () PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE () ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\angie13\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (0290491264478820mcinstcleanup) McAfee Application Installer Cleanup (0290491264478820) -- C:\WINDOWS\Temp\0290491264478820mcinst.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (V0415Vid) -- C:\WINDOWS\system32\drivers\V0415Vid.sys (Creative Technology Ltd.) DRV - (CtClsFlt) -- C:\WINDOWS\system32\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV - (V0415Afx) -- C:\WINDOWS\system32\drivers\V0415Afx.sys (Creative Technology Ltd.) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (RLDesignVirtualAudioCableWdm) -- C:\WINDOWS\system32\drivers\livecamv.sys () DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys (Symantec Corporation) DRV - (MxlW2k) -- C:\WINDOWS\system32\drivers\MxlW2k.sys (MusicMatch, Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.) DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP) DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP) DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (hookint) -- C:\WINDOWS\system32\hookint.sys () DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (PCANDIS5) -- C:\Linksys\printserver\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/worldservice" FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/25 20:24:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/01 21:46:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/01 22:20:32 | 00,000,000 | ---D | M] [2009/10/27 19:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Mozilla\Firefox\Profiles\2mzv4hwt.default\extensions [2009/10/30 09:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Mozilla\Firefox\Profiles\2mzv4hwt.default\extensions\moveplayer@movenetworks.com [2006/11/07 11:30:57 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\angie13\Application Data\Mozilla\Firefox\Profiles\2mzv4hwt.default\searchplugins\siteadvisor.xml [2009/10/27 17:51:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/26 08:28:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com [2008/12/28 08:55:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2008/12/28 08:53:20 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll [2008/12/28 08:53:22 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll [2008/12/28 08:53:23 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll [2008/12/28 08:53:29 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll [2008/12/28 08:53:31 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll [2008/11/04 16:00:51 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll O1 HOSTS File: ([2004/08/04 02:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [mmtask] c:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe File not found O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [rihetusuy] C:\WINDOWS\System32\nasikaje.DLL File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [UserFaultCheck] File not found O4 - HKLM..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [mserv] C:\Documents and Settings\angie13\Application Data\svcst.exe File not found O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [svchost] C:\Documents and Settings\angie13\Application Data\svcst.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [ttool] C:\WINDOWS\sa23sl.exe File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE () O4 - Startup: C:\Documents and Settings\angie13\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\angie13\Application Data\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Documents and Settings\angie13\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (Yahoo! Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.5.0_09) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.213.60.93 24.196.64.53 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (tokibete.dll) - File not found O20 - AppInit_DLLs: (c:\windows\system32\nasikaje.dll) - C:\WINDOWS\System32\nasikaje.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O21 - SSODL: jehuvetir - {a2a35f13-4ce1-4b08-8cd3-706cf3fa72d5} - C:\WINDOWS\System32\nasikaje.dll File not found O21 - SSODL: SysNet - {D668BA7A-978B-48BA-8C68-3AE7BDCC9561} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll File not found O22 - SharedTaskScheduler: {a2a35f13-4ce1-4b08-8cd3-706cf3fa72d5} - mujuzedij - C:\WINDOWS\System32\nasikaje.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\angie13\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\angie13\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\PROGRA~1\DVDREG~1\DVDShell.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\WINDOWS\System32\wuruteli.dll File not found -- C:\WINDOWS\System32\womezila.dll File not found -- C:\WINDOWS\System32\winsc.exe File not found -- C:\WINDOWS\System32\volosejo.dll File not found -- C:\WINDOWS\System32\vewalimu.dll File not found -- C:\WINDOWS\System32\nazehogi.dll File not found -- C:\WINDOWS\System32\muwesoli.dll File not found -- C:\WINDOWS\System32\mojujebu.dll File not found -- C:\WINDOWS\System32\logon.exe File not found -- C:\WINDOWS\System32\legadeto.dll File not found -- C:\Documents and Settings\angie13\Desktop\keygenpatch.exe File not found -- C:\WINDOWS\System32\dayarado.dll File not found -- C:\WINDOWS\System32\betakoso.dll [2010/01/26 08:31:42 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\angie13\Desktop\OTL.exe [2010/01/25 22:06:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/01/24 08:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\angie13\Desktop\gmer [2010/01/24 08:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2008/10/23 12:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2006/04/17 07:06:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2006/04/17 07:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2006/04/17 07:06:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2006/04/17 07:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2005/09/24 01:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/26 08:43:47 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\mgmwelgj.job [2010/01/26 08:36:07 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\fojodene [2010/01/26 08:31:10 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\angie13\Desktop\OTL.exe [2010/01/26 08:29:36 | 00,010,623 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2010/01/26 08:16:05 | 00,001,389 | -HS- | M] () -- C:\hpqp.ini [2010/01/25 22:02:05 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\khqnkpsd.job [2010/01/25 22:00:06 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\pcqsstyd.job [2010/01/25 22:00:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/25 21:58:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/01/25 21:58:14 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini [2010/01/25 21:57:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/25 21:57:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/25 21:57:44 | 93,767,6800 | -HS- | M] () -- C:\hiberfil.sys [2010/01/25 21:46:13 | 03,775,058 | -H-- | M] () -- C:\Documents and Settings\angie13\Local Settings\Application Data\IconCache.db [2010/01/25 20:56:08 | 00,446,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/01/25 20:56:08 | 00,385,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/01/25 20:56:08 | 00,055,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/01/24 23:03:51 | 13,107,200 | ---- | M] () -- C:\Documents and Settings\angie13\NTUSER.DAT [2010/01/24 23:03:51 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\angie13\ntuser.ini [2010/01/24 08:56:58 | 00,284,153 | ---- | M] () -- C:\Documents and Settings\angie13\Desktop\gmer(2).zip [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/24 08:57:01 | 00,284,153 | ---- | C] () -- C:\Documents and Settings\angie13\Desktop\gmer(2).zip [2009/10/30 17:54:59 | 00,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll [2009/10/15 08:30:20 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\angie13\Application Data\iniasd.txt [2009/08/30 15:31:05 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys [2009/02/24 17:34:29 | 00,002,174 | ---- | C] () -- C:\Documents and Settings\angie13\Application Data\wklnhst.dat [2007/10/24 12:16:52 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/06/23 11:58:01 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2007/02/25 12:35:34 | 00,000,321 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2007/01/07 11:12:11 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI [2006/11/28 08:53:30 | 00,002,243 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini [2006/10/12 09:50:21 | 00,002,125 | ---- | C] () -- C:\Documents and Settings\angie13\Application Data\HPSU_48BitScanUpdate.log [2006/10/03 11:37:38 | 00,005,686 | ---- | C] () -- C:\Documents and Settings\angie13\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log [2006/10/03 11:37:38 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini [2006/10/03 11:36:30 | 00,098,643 | ---- | C] () -- C:\Documents and Settings\angie13\Application Data\Update_HP_RedboxHprblog_HPSU.log [2006/10/03 11:36:30 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2006/09/26 14:13:42 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL [2006/09/17 16:41:51 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\angie13\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/08/28 08:05:49 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/08/28 07:56:30 | 00,090,592 | ---- | C] () -- C:\WINDOWS\System32\hookint.sys [2006/08/27 20:39:03 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini [2006/08/19 11:58:59 | 00,000,050 | ---- | C] () -- C:\WINDOWS\group.ini [2006/08/19 11:58:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Biutil.INI [2006/08/19 11:55:24 | 00,000,691 | ---- | C] () -- C:\WINDOWS\COMMON.INI [2006/08/09 21:06:14 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/08/09 20:02:27 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\angie13\Local Settings\Application Data\fusioncache.dat [2006/04/17 08:11:23 | 00,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/04/17 08:07:23 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini [2006/04/17 07:46:07 | 00,000,222 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/04/17 07:31:40 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/04/17 07:24:12 | 00,002,663 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2005/12/02 04:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/07 07:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/08/07 07:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/07/10 23:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL [1997/07/10 23:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL [1997/07/10 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997/07/10 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997/07/10 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2007/10/21 04:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 [2007/05/06 05:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2009/08/31 19:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2007/12/10 06:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2006/04/17 08:09:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2007/06/23 11:59:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2008/01/28 07:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio [2009/05/07 09:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/07/10 11:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\7Wonders [2008/10/26 18:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Azureus [2009/03/12 14:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Canon [2010/01/25 22:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Dropbox [2006/09/20 11:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\FotoWire [2006/08/19 15:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\funkitron [2007/12/02 04:53:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\ICAClient [2008/06/07 05:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Image Zone Express [2007/11/24 14:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\iWin [2007/03/16 10:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Leadertech [2006/08/19 13:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Magic Match [2006/08/19 15:43:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Mind Control Software [2006/10/11 12:41:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\muvee Technologies [2006/08/19 15:43:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\PlayFirst [2007/06/24 09:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\SlySoft [2006/10/25 11:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\Thunderbird [2008/10/23 16:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\angie13\Application Data\uTorrent [2010/01/25 22:02:05 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\khqnkpsd.job [2009/09/03 09:48:28 | 00,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/11/01 01:05:21 | 00,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2010/01/26 08:43:47 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\mgmwelgj.job [2010/01/25 22:00:06 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\pcqsstyd.job ========== Purity Check ========== < End of report > OTL Extras: OTL Extras logfile created on: 1/26/2010 8:35:59 AM - Run 1 OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\angie13\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 894.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 25.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 83.74 Gb Total Space | 49.70 Gb Free Space | 59.35% Space Free | Partition Type: NTFS Drive D: | 8.39 Gb Total Space | 1.33 Gb Free Space | 15.81% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE Current User Name: angie13 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- () "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation) "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus, Inc) "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found "C:\Documents and Settings\angie13\Desktop\Big torrents\Flight Simulator 2004\No CD Crack\fs9.exe" = C:\Documents and Settings\angie13\Desktop\Big torrents\Flight Simulator 2004\No CD Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation) "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- File not found "C:\Documents and Settings\angie13\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\angie13\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS) "C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody -- (RealNetworks, Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module "{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "{175441F9-59F3-4407-9DB6-00B34667831C}" = VoiceOver Kit "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1 "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations "{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400 "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006 "{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5 "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1 "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0 "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025 "{5326AB25-7D66-44AB-AB81-F23BF0048DAD}" = FTVO Media Player Full "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1 "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK "{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext "{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1 "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig "{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan "{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices "{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "ATI Display Driver" = ATI Display Driver "Azureus Vuze" = Azureus Vuze "Bi-Admin" = Bi-Admin "CNXT_AUDIO" = Conexant AC-Link Audio "CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP "Creative Live! Central" = Creative Live! Central "Creative VF0415" = Creative Live! Cam Video IM Ultra (VF0415) (1.00.03.00) "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.1.5 "Easy-WebPrint" = Easy-WebPrint "Ekspert CD_is1" = Ekspert CD "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight "Google Updater" = Google Updater "HP Imaging Device Functions" = HP Imaging Device Functions 6.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3 "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Logitech Print Service" = Logitech Print Service "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12 "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20) "MSC" = McAfee SecurityCenter "Netscape Browser" = Netscape Browser (remove only) "Office8.0" = Microsoft Office 97, Professional Edition "Personal Guard 2009" = Personal Guard 2009 "PowerISO" = PowerISO "QcDrv" = Logitech® Camera Driver "RealPlayer 6.0" = RealPlayer "Rhapsody" = Rhapsody "Shipsim2008" = Ship Simulator 2008 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "SysInfo" = Creative System Information "VLC media player" = VideoLAN VLC media player 0.8.6d "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR archiver "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar "Yahoo! Widget Engine" = Yahoo! Widget Engine ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/25/2010 11:16:40 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application setpoint.exe, version 2.31.546.0, faulting module unknown, version 0.0.0.0, fault address 0x00b8336d. Error - 1/25/2010 11:16:45 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application fxsvr2.exe, version 8.4.7.1034, faulting module unknown, version 0.0.0.0, fault address 0x1000336d. Error - 1/25/2010 11:16:46 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application logitray.exe, version 8.4.7.1034, faulting module unknown, version 0.0.0.0, fault address 0x00bd336d. Error - 1/25/2010 11:16:46 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application osa.exe, version 8.0.0.3414, faulting module unknown, version 0.0.0.0, fault address 0x1000336d. Error - 1/25/2010 11:16:46 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application jucheck.exe, version 5.0.90.3, faulting module unknown, version 0.0.0.0, fault address 0x1000336d. Error - 1/25/2010 11:16:49 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00be336d. Error - 1/25/2010 11:16:52 PM | Computer Name = ANGIE | Source = Application Error | ID = 1000 Description = Faulting application nmbgmonitor.exe, version 1.7.11.0, faulting module unknown, version 0.0.0.0, fault address 0x00bb336d. Error - 1/25/2010 11:44:43 PM | Computer Name = ANGIE | Source = Application Error | ID = 1004 Description = Faulting application services.exe, version 5.1.2600.3520, faulting module unknown, version 0.0.0.0, fault address 0x8465ec36. Error - 1/25/2010 11:58:18 PM | Computer Name = ANGIE | Source = Application Error | ID = 1004 Description = Faulting application services.exe, version 5.1.2600.3520, faulting module unknown, version 0.0.0.0, fault address 0x8465ec36. Error - 1/26/2010 12:02:04 AM | Computer Name = ANGIE | Source = McLogEvent | ID = 5051 Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 3380 (0xd34) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\nazehogi.dll by C:\WINDOWS\system32\rundll32.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) [ System Events ] Error - 1/25/2010 10:52:56 PM | Computer Name = ANGIE | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the iPod Service service to connect. Error - 1/25/2010 10:52:56 PM | Computer Name = ANGIE | Source = Service Control Manager | ID = 7000 Description = The iPod Service service failed to start due to the following error: %%1053 Error - 1/25/2010 10:56:48 PM | Computer Name = ANGIE | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1460 Error - 1/25/2010 10:58:00 PM | Computer Name = ANGIE | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume. Error - 1/25/2010 11:15:45 PM | Computer Name = ANGIE | Source = Service Control Manager | ID = 7031 Description = The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 1/25/2010 11:59:03 PM | Computer Name = ANGIE | Source = DCOM | ID = 10010 Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout. Error - 1/26/2010 12:02:32 AM | Computer Name = ANGIE | Source = Service Control Manager | ID = 7031 Description = The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 1/26/2010 12:02:59 AM | Computer Name = ANGIE | Source = DCOM | ID = 10010 Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout. Error - 1/26/2010 12:03:44 AM | Computer Name = ANGIE | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1460 Error - 1/26/2010 10:16:00 AM | Computer Name = ANGIE | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.12 on the Network Card with network address 0016D40491D6. < End of report > THANKS IN ADVANCE!!! |
 |
 
|
|
Replies
(15 - 16)
|
Feb 23 2010, 09:21 PM
Post
#16
|
|
 WTT Malware Disintegrator Teacher  Group: Classroom Teacher Posts: 999 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows XP Windows Vista Windows 7 |
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. |
|
|
|
|
Similar Topics
| Topic Title | Replies | Topic Starter | Views | Last Action | |||
|---|---|---|---|---|---|---|---|
 |
26 | HHHisthegame | 344 | Yesterday, 10:42 PM Last post by: HHHisthegame |
|||
 |
8 | 3streamMusic | 202 | Yesterday, 06:18 PM Last post by: LDTate |
|||
|
16 | jester421 | 338 | Yesterday, 09:18 AM Last post by: CatByte |
|||
|
6 | ROOFIE(MTL) | 104 | Yesterday, 06:42 AM Last post by: CatByte |
|||
|
Time is now: 21st March 2010 - 01:22 AM |
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
