OTL logfile created on: 10/22/2009 2:17:31 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Bob Talbot\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.73% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 73.71 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOB
Current User Name: Bob Talbot
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Bob Talbot\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [On_Demand | Stopped]) -- File not found
SRV - (ATI Smart [On_Demand | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
SRV - (dlcx_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlcxcoms.exe ( )
SRV - (EPSONStatusAgent2 [On_Demand | Stopped]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (NwSapAgent [Auto | Running]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- File not found
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (APLMp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (Eplpdx02 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys (Applied Networking Inc.)
DRV - (IPFilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys (Microsoft Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT61 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RT61.sys (Ralink Technology Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SbcpHid [System | Running]) -- C:\WINDOWS\System32\Drivers\SbcpHid.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\System32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (VX6000 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\VX6000Xp.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 07:03:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 07:03:43 | 00,000,000 | ---D | M]
[2009/08/11 21:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\mozilla\Extensions
[2009/08/11 21:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/23 22:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\mozilla\Extensions\[email protected]
[2009/10/22 08:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\mozilla\Firefox\Profiles\x5f8bmss.default\extensions
[2009/09/02 07:18:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\mozilla\Firefox\Profiles\x5f8bmss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/22 08:50:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 07:03:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/15 18:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/07/22 20:34:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/09/11 07:03:33 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 07:03:33 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/09/03 14:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/23 01:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/07/23 11:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/07/23 11:47:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/11 07:03:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
Hosts file not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1202708457156 (MUWebControl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\zwebauth.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/11 18:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/04/05 19:38:16 | 00,050,534 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2006/04/11 18:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/03/14 14:03:15 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d841462c-9555-11dc-93d8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d841462c-9555-11dc-93d8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d841462c-9555-11dc-93d8-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2006/04/11 18:15:11 | 00,323,584 | R--- | M] (Nival Interactive)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2006/04/11 18:15:11 | 00,323,584 | R--- | M] (Nival Interactive)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[4 C:\Documents and Settings\Bob Talbot\Desktop\*.tmp files]
[2009/09/22 14:53:27 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/10/22 14:16:16 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Talbot\Desktop\OTL.exe
[2009/10/11 22:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Talbot\Desktop\New Folder
[2009/10/06 12:53:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Talbot\Desktop\New Pictures
[2009/10/06 12:46:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Talbot\Desktop\Anti Spyware
[2009/10/06 12:32:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Talbot\Desktop\Firefox Downloads
[2009/10/05 20:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Talbot\Desktop\Jenns Work
[2008/11/11 04:13:04 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2006/10/11 18:01:40 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:54:10 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2006/10/11 16:59:56 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/06/23 14:09:20 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
========== Files - Modified Within 30 Days ==========
[4 C:\Documents and Settings\Bob Talbot\Desktop\*.tmp files]
[2009/10/22 14:16:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Talbot\Desktop\OTL.exe
[2009/10/22 10:23:59 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/10/21 17:33:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/21 17:32:40 | 00,193,866 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/21 17:31:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 17:31:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 15:59:16 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\Can't get through the water!.bmp
[2009/10/19 14:34:32 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\Killing the horde bosses.bmp
[2009/10/19 09:24:19 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\WRECKING BALL.bmp
[2009/10/17 11:06:52 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\jennifers first battleground.bmp
[2009/10/16 22:17:47 | 00,013,830 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\stream.asx
[2009/10/16 14:54:08 | 00,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 14:54:08 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 14:54:08 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 14:51:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 15:59:20 | 00,149,504 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 11:43:26 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\Where can I get resilience.doc
[2009/10/11 22:23:11 | 00,026,028 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\2.JPG
[2009/10/10 15:30:20 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\2 dead hunters 25m ToC first time.bmp
[2009/10/06 12:01:41 | 00,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/06 12:01:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/06 12:01:41 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/02 16:16:00 | 00,607,977 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\job_application_may_2009.pdf
[2009/10/02 15:43:48 | 00,043,638 | ---- | M] () -- C:\Documents and Settings\Bob Talbot\Desktop\app_dakotas.pdf
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/22 14:53:47 | 00,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
========== Files - No Company Name ==========
[2009/10/20 15:59:15 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\Can't get through the water!.bmp
[2009/10/19 14:34:30 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\Killing the horde bosses.bmp
[2009/10/19 09:24:18 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\WRECKING BALL.bmp
[2009/10/17 11:06:51 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\jennifers first battleground.bmp
[2009/10/13 11:43:25 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\Where can I get resilience.doc
[2009/10/11 22:23:11 | 00,026,028 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\2.JPG
[2009/10/10 15:30:19 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\2 dead hunters 25m ToC first time.bmp
[2009/10/10 00:01:52 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/02 16:16:00 | 00,607,977 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\job_application_may_2009.pdf
[2009/10/02 15:43:46 | 00,043,638 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Desktop\app_dakotas.pdf
[2009/09/22 14:52:34 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/12 20:59:06 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/26 11:40:28 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2009/06/26 11:40:28 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2009/04/16 04:54:11 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/01/11 15:27:48 | 00,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/11/26 18:54:14 | 14,618,605 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.6-win32.exe
[2008/11/11 04:13:05 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/23 19:16:55 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/04/08 03:45:54 | 00,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/02/12 21:44:22 | 00,000,065 | ---- | C] () -- C:\WINDOWS\boc425.ini
[2008/01/24 21:47:09 | 00,000,000 | -HS- | C] () -- C:\Documents and Settings\Bob Talbot\Application Data\0047994dad.dat
[2007/12/20 23:36:03 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2007/12/05 02:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/20 12:43:04 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2007/02/01 15:19:09 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/12 21:19:06 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/11/25 02:44:16 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/28 10:31:44 | 00,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2006/10/20 19:46:42 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/07/11 22:33:01 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/26 00:04:36 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/06/23 14:09:20 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2006/06/03 17:59:12 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2006/06/03 17:59:12 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2006/06/03 17:19:59 | 00,000,732 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/24 15:09:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/04/17 02:40:58 | 02,112,772 | -H-- | C] () -- C:\Documents and Settings\Bob Talbot\Local Settings\Application Data\IconCache.db
[2006/03/19 19:03:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/03/01 00:06:40 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/28 23:38:43 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/02/28 23:38:43 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/02/28 23:38:43 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/02/28 23:38:42 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/08/07 16:41:54 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Local Settings\Application Data\fusioncache.dat
[2005/06/06 18:46:15 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/17 22:49:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/17 06:31:58 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/02/17 06:31:58 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/17 06:31:58 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/02/17 06:31:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/02/17 06:31:58 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/02/17 06:31:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/02/11 01:15:03 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/01/24 11:29:57 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/17 20:48:55 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPS820.ini
[2005/01/16 15:11:55 | 00,070,328 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/01/14 21:10:22 | 00,149,504 | ---- | C] () -- C:\Documents and Settings\Bob Talbot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/14 20:08:15 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/14 20:02:27 | 00,005,825 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/14 18:06:27 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/14 18:06:03 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/01/14 18:06:03 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/01/14 18:06:03 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/14 18:06:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/14 18:05:56 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/14 03:22:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob Talbot\Application Data\desktop.ini
[2005/01/13 21:08:55 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/10/26 17:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/03/26 17:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/27 07:13:54 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/07/16 15:51:23 | 00,000,795 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 15:47:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/08/23 14:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
========== LOP Check ==========
[2009/08/16 22:10:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/08 01:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\488536950
[2009/01/07 13:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/10/21 00:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/08/16 17:05:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/16 22:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2008/11/09 19:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
[2008/11/16 22:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/11/16 22:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2007/01/15 05:56:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2006/04/11 17:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/09/12 11:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2007/01/15 05:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2005/06/20 01:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2009/03/13 19:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/23 22:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/01/26 23:02:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/01/07 13:38:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/12 12:35:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bob Talbot\Application Data
[2005/12/28 02:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\.BitTornado
[2005/11/05 16:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\.bittorrent
[2007/02/01 15:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\acccore
[2009/02/28 16:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Ahead
[2007/02/03 20:53:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Aim
[2007/10/21 00:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\ATI
[2005/05/14 12:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\CyberLink
[2008/11/09 23:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\DellFaxCtr
[2008/04/23 19:12:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\GetRightToGo
[2006/08/23 16:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Hamachi
[2009/02/28 22:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\ImgBurn
[2005/01/21 10:31:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Kazaa Lite
[2007/01/12 22:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\K-Meleon
[2007/12/20 22:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Leadertech
[2009/01/07 14:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\LimeWire
[2009/06/26 11:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Move Networks
[2007/01/15 05:56:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\MSN6
[2008/04/27 16:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Orbit
[2009/02/23 22:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\TomTom
[2009/09/11 12:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\uTorrent
[2009/09/22 14:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Talbot\Application Data\Ventrilo
[2003/07/16 15:36:49 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/21 17:31:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/22 10:23:59 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC0013C8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 10/22/2009 2:17:31 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Bob Talbot\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.73% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 73.71 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOB
Current User Name: Bob Talbot
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8842:TCP" = 8842:TCP:*:Enabled:BitComet 8842 TCP
"8842:UDP" = 8842:UDP:*:Enabled:BitComet 8842 UDP
"23061:TCP" = 23061:TCP:*:Enabled:BitComet 23061 TCP
"23061:UDP" = 23061:UDP:*:Enabled:BitComet 23061 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Valve\Steam\SteamApps\jibbilybeanster\team fortress 2\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\jibbilybeanster\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Valve\Steam\SteamApps\jibbilybeanster\counter-strike source\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\jibbilybeanster\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server -- ( )
"C:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe" = C:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Gold -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\World of Warcraft\Launcher.exe" = C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ABCD64F-6B57-D191-707A-A64C6E177DDF}" = Catalyst Control Center Graphics Full New
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V Collector Edition
"{2930D73B-49E6-02DC-BA42-8EC2B1C6752E}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}" = Rio Internet Update
"{49EC6CF7-B704-C2FE-49B9-E3CEBA76C671}" = Catalyst Control Center Core Implementation
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91C4CBA0-2AD5-5AA8-EC98-0BCD4914C5F4}" = Catalyst Control Center Graphics Previews Common
"{925FFD4D-DF53-4768-BF12-1061BB985D73}" = Windows AutoUpdate Utility (Mini)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1E260B6-9456-88F7-9994-7A4CCF39FB0C}" = ccc-utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B779207F-4F32-471B-8B52-A3A0F3C2ED02}" = McAfee ePolicy Orchestrator
"{B8737BE8-0E2B-C420-DB2D-F468748414F0}" = ccc-core-preinstall
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C810930D-3FA2-3E54-1FAC-3907C5AEA7BC}" = Catalyst Control Center Graphics Full Existing
"{C9E6E38F-BC92-49E2-BF72-EC8612F3703D}" = ebgcRes
"{CAFC9755-5469-DC18-CDD2-6F5C743AC478}" = Catalyst Control Center Graphics Light
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F54885B7-7789-087D-62EB-373D4DF83B56}" = Skins
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8474DF7-9902-7305-BAB3-34DEDFF2ADC5}" = ccc-core-static
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.6
"Dell Fax Solutions" = Fax Solutions
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON Printer Software
"FLV Player" = FLV Player 2.0, build 23
"GoogleVideoPlayer" = Google Video Player
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Ink Monitor" = Ink Monitor
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InterActual Player" = InterActual Player
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Lords of the Realm II" = Lords of the Realm II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.50
"RealPlayer 6.0" = RealPlayer
"Sierra Utilities" = Sierra Utilities
"Steam App 500" = Left 4 Dead
"TomTom HOME" = TomTom HOME 2.6.2.1586
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/21/2009 1:00:51 AM | Computer Name = BOB | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.
Error - 10/21/2009 1:00:52 AM | Computer Name = BOB | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB974554): FM20' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Error - 10/21/2009 4:07:25 PM | Computer Name = BOB | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.
Error - 10/21/2009 4:07:26 PM | Computer Name = BOB | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB974554): FM20' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Error - 10/21/2009 5:04:36 PM | Computer Name = BOB | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.
Error - 10/21/2009 5:04:37 PM | Computer Name = BOB | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB974554): FM20' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Error - 10/21/2009 5:12:24 PM | Computer Name = BOB | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.
Error - 10/21/2009 5:12:24 PM | Computer Name = BOB | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB974554): FM20' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Error - 10/22/2009 1:01:02 AM | Computer Name = BOB | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.
Error - 10/22/2009 1:01:03 AM | Computer Name = BOB | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB974554): FM20' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
[ System Events ]
Error - 10/21/2009 5:12:25 PM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
Error - 10/21/2009 6:34:09 PM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/21/2009 6:34:19 PM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/21/2009 6:35:13 PM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/21/2009 6:35:15 PM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/22/2009 1:01:35 AM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
Error - 10/22/2009 7:52:38 AM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/22/2009 7:52:47 AM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/22/2009 10:26:56 AM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 10/22/2009 10:27:00 AM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
< End of report >
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-22 19:47:17
Windows 5.1.2600 Service Pack 3
Running: 3sodptns.exe; Driver: C:\DOCUME~1\BOBTAL~1\LOCALS~1\Temp\pxtdqpob.sys
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xF75000B0]
SSDT sptd.sys ZwEnumerateKey [0xF750584E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEE]
SSDT sptd.sys ZwOpenKey [0xF7500090]
SSDT sptd.sys ZwQueryKey [0xF7505CC6]
SSDT sptd.sys ZwQueryValueKey [0xF7505B46]
SSDT sptd.sys ZwSetValueKey [0xF7505D58]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB60F9361]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB60F938B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB60F92F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB60F9321]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB60F93B5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB60F9375]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB60F930B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB60F934D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB60F93CB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB60F939F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP B60F93A3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP B60F9365 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP B60F9379 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP B60F93CF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP B60F93B9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805836B0 5 Bytes JMP B60F9351 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D50 7 Bytes JMP B60F9325 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952BE 7 Bytes JMP B60F92F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP B60F938F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E812 7 Bytes JMP B60F930F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B95B88AC 5 Bytes JMP 8A8A96E0
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F9B
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80090
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80073
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80062
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FC0
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F52
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F6D
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F15
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F26
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80F04
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80047
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80011
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F8A
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80FDB
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B8002C
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B80F37
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FC3
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70040
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70014
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70F83
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B70F94
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D7, 88]
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70025
.text C:\WINDOWS\System32\svchost.exe[244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60FAD
.text C:\WINDOWS\System32\svchost.exe[244] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60038
.text C:\WINDOWS\System32\svchost.exe[244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FE3
.text C:\WINDOWS\System32\svchost.exe[244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text C:\WINDOWS\System32\svchost.exe[244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60FC8
.text C:\WINDOWS\System32\svchost.exe[244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B6001D
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070067
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700B0
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700CB
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F3C
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F17
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070082
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F4D
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050F90
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!system 77C293C7 5 Bytes JMP 0005001B
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FC6
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FAB
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80087
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80F92
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80FAF
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E8006C
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80036
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E800A4
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80F5C
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E800D0
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E80F41
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E80F26
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80011
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E80F77
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80FDB
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E800BF
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E70FC3
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E70051
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E70014
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E70FDE
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E70F94
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E60F90
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E60FA1
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E60FCD
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E60FBC
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\system32\lsass.exe[816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EB0F44
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0F55
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EB0F7C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EB002F
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EB0F97
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EB0082
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EB0071
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB009D
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB0F0E
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EB0EE9
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EB001E
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EB0054
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EB0FA8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EB0FB9
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EB0F1F
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EA0FCA
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EA0F8D
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EA001B
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EA0040
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EA0FA8
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0A, 89]
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EA0FB9
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E90FA6
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E90FB7
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E90FE3
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E90FC8
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E9001D
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20070
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F85
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F96
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C2005F
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20033
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200AD
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C2009C
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F14
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F39
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F03
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20044
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C2008B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20022
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F4A
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10014
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10F75
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10FCD
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10F86
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10FA1
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C0004E
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C0003D
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00022
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FCD
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 034C0FEF
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 034C009D
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 034C0F9E
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 034C0078
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 034C0051
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 034C0040
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 034C0F5C
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 034C00AE
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 034C0F29
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 034C0F3A
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 034C0F18
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 034C0FB9
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 034C0000
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 034C0F8D
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 034C001B
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 034C0FD4
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 034C0F4B
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02FC0FAF
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02FC0047
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02FC0FCA
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02FC0000
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02FC0F8A
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02FC0FE5
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02FC0036
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02FC001B
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02FB0F78
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 02FB0F93
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02FB0FB5
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02FB0FE3
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02FB0FA4
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02FB0FD2
.text C:\WINDOWS\System32\svchost.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02FA0FE5
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 022E0000
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 022E0FE5
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 022E0FD4
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 022E0FC3
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660000
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660F5F
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0066004A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F70
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660F8D
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660FAF
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F27
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660F42
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600A5
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0066008A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006600B6
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660F9E
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660FE5
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660079
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660025
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660FD4
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660F0C
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650040
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0065006C
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650FE5
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0065001B
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0065005B
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0065000A
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650FB9
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650FCA
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640FA8
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 0064003D
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640018
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FCD
.text C:\WINDOWS\System32\svchost.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FDE
.text C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0F5C
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F77
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0F92
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0051
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0036
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0093
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0076
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0EFA
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0F0B
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C0EE9
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0FAF
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0014
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0F4B
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C0F26
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0036
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0FB9
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0076
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FD4
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B005B
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0F7C
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0011
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FA1
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FC6
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990FEF
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F6F
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F8A
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0058
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0F9B
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0022
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE009A
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0089
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F08
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F23
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0EF7
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE003D
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F5E
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FB6
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0011
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00AB
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0014
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD004A
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FC3
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD002F
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BD0F97
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DD, 88]
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FA8
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FC8
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0049
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC001D
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC000C
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC002E
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FE3
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00BA0011
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00BA002C
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B90000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B9006E
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B9005D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B90F83
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B90040
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B90F9E
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B900A6
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B90F5E
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B90F32
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B90F43
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B900F0
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B90025
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B90FDB
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B9007F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B90FB9
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B90FCA
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B900C1
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B80036
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B80F8A
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B80FE5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B80011
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B80051
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B80000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B80FAF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D8, 8A]
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B80FCA
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B7007A
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B70FE5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B7003A
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B70000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B7005F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B70029
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B60000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] WinInet.dll!InternetOpenA 3D95D688 5 Bytes JMP 011A0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] WinInet.dll!InternetOpenW 3D95DB01 5 Bytes JMP 011A0FDB
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] WinInet.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 011A0011
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1528] WinInet.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 011A002C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0058
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F6D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0047
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0F94
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE002C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F06
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0F2D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0EDA
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0073
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0EBF
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0FA5
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0F3E
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FC0
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE0EF5
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0F79
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0FCA
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD002C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0FEF
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FD0F8A
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1D, 89]
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0FA5
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FC0042
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FC0FB7
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FC0FE3
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FC0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FC0FD2
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FC001D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01650FEF
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01650F57
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01650056
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01650F7C
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0165002F
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01650F97
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01650F1A
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01650F2B
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016500A2
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01650091
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016500B3
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0165001E
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01650FD4
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01650F3C
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01650FB2
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01650FC3
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01650F09
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0164001B
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0164004A
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01640FD4
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0164000A
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01640F8D
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01640FEF
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01640F9E
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 89]
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01640FAF
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01630073
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!system 77C293C7 5 Bytes JMP 0163004E
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01630FDE
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01630FEF
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01630033
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01630018
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01620000
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 0162001B
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01620036
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01620047
.text C:\WINDOWS\Explorer.EXE[1716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 018B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B005B
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F66
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F3F
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0087
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F1A
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00B3
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00CE
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F8D
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0076
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00A2
.text C:\WINDOWS\system32\wuauclt.exe[1848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0058
.text C:\WINDOWS\system32\wuauclt.exe[1848] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A003D
.text C:\WINDOWS\system32\wuauclt.exe[1848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\system32\wuauclt.exe[1848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC3
.text C:\WINDOWS\system32\wuauclt.exe[1848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A000C
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B003D
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0069
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0022
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0011
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0FB6
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FD1
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\wuauclt.exe[1848] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B004E
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0098
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A007D
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0062
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00C4
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00B3
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F46
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00DF
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F88
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F61
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F68
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F79
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F94
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0FDB
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E005C
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E003A
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E004B
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0029
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F9B
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260090
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260073
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260062
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260036
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600CD
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600BC
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600DE
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F45
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F2A
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260047
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026000A
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002600AB
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026001B
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FD4
.text C:\Program Files\internet explorer\iexplore.exe[2568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F60
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350014
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035005B
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FC3
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FD4
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350036
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FE5
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350025
.text C:\Program Files\internet explorer\iexplore.exe[2568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350F9E
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FC1
.text C:\Program Files\internet explorer\iexplore.exe[2568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360042
.text C:\Program Files\internet explorer\iexplore.exe[2568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FE3
.text C:\Program Files\internet explorer\iexplore.exe[2568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\internet explorer\iexplore.exe[2568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FD2
.text C:\Program Files\internet explorer\iexplore.exe[2568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360011
.text C:\Program Files\internet explorer\iexplore.exe[2568] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00CB000A
.text C:\Program Files\internet explorer\iexplore.exe[2568] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00CB0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2568] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00CB0FDE
.text C:\Program Files\internet explorer\iexplore.exe[2568] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00CB0FB9
.text C:\Program Files\internet explorer\iexplore.exe[2568] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00DA0000
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002600B5
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026009A
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260FC0
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026007D
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FE5
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600E3
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600C6
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0026010F
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600FE
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F65
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0026006C
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026001B
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260FA5
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260051
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260040
.text C:\Program Files\internet explorer\iexplore.exe[2632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F80
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FC0
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F94
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0035001B
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FE5
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FAF
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350051
.text C:\Program Files\internet explorer\iexplore.exe[2632] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350036
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FA6
.text C:\Program Files\internet explorer\iexplore.exe[2632] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360031
.text C:\Program Files\internet explorer\iexplore.exe[2632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FD2
.text C:\Program Files\internet explorer\iexplore.exe[2632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0036000C
.text C:\Program Files\internet explorer\iexplore.exe[2632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FB7
.text C:\Program Files\internet explorer\iexplore.exe[2632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FE3
.text C:\Program Files\internet explorer\iexplore.exe[2632] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2632] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01BF000A
.text C:\Program Files\internet explorer\iexplore.exe[2632] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01BF0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2632] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01BF0FCA
.text C:\Program Files\internet explorer\iexplore.exe[2632] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01BF001B
.text C:\Program Files\internet explorer\iexplore.exe[2632] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01CE0000
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FE5
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F4B
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F66
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F83
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260040
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FB9
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F1F
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F30
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F0E
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600A7
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EFD
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FA8
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FD4
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026005B
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260025
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026000A
.text C:\Program Files\internet explorer\iexplore.exe[2768] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260082
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FAF
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F79
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FD4
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FE5
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350036
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0035001B
.text C:\Program Files\internet explorer\iexplore.exe[2768] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350F9E
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360058
.text C:\Program Files\internet explorer\iexplore.exe[2768] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FC3
.text C:\Program Files\internet explorer\iexplore.exe[2768] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360033
.text C:\Program Files\internet explorer\iexplore.exe[2768] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0036000C
.text C:\Program Files\internet explorer\iexplore.exe[2768] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FDE
.text C:\Program Files\internet explorer\iexplore.exe[2768] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FEF
.text C:\Program Files\internet explorer\iexplore.exe[2768] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2768] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01BE0FEF
.text C:\Program Files\internet explorer\iexplore.exe[2768] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01BE0FDE
.text C:\Program Files\internet explorer\iexplore.exe[2768] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01BE000A
.text C:\Program Files\internet explorer\iexplore.exe[2768] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01BE0FB9
.text C:\Program Files\internet explorer\iexplore.exe[2768] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01CE0FE5
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751442C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7513A9A] sptd.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\internet explorer\iexplore.exe[2632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[2768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A9DC1D8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 8A8A81D8
Device \Driver\usbuhci \Device\USBPDO-1 8A8A81D8
Device \Driver\usbuhci \Device\USBPDO-2 8A8A81D8
Device \Driver\usbuhci \Device\USBPDO-3 8A8A81D8
Device \Driver\usbehci \Device\USBPDO-4 8A87B1D8
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA4B1D8
Device \Driver\Cdrom \Device\CdRom0 8A80C5C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89D9F648
Device \Driver\NetBT \Device\NetbiosSmb 89D9F648
Device \Driver\NetBT \Device\NetBT_Tcpip_{8F5FEF7F-7944-433B-86D1-D0FB129BEC5B} 89D9F648
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 8A8A81D8
Device \Driver\usbuhci \Device\USBFDO-1 8A8A81D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DB81D8
Device \Driver\usbuhci \Device\USBFDO-2 8A8A81D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DB81D8
Device \Driver\usbuhci \Device\USBFDO-3 8A8A81D8
Device \Driver\usbehci \Device\USBFDO-4 8A87B1D8
Device \Driver\Ftdisk \Device\FtControl 8AA4B1D8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8A7D5980
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 513843963
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1832185544
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS@Installed 1
---- EOF - GMER 1.0.15 ----