Win 32 - I believe


#1
torr_tom

I attempted to edit the previous post but I am unable to read it.

I am posting the logs that were requested in the hopes that you can assist me with resolving the issue.

* Poor Performance
* Search feature finding thousands of files where only about 150 are present
* Unable to run some of the programs such as TFC.exe - error stating that it's not a valid win32 application.

I really appreciate your help with resolving this issue.

Tom

Attached File: ark.txt (75.54KB)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-09 19:46:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\TT\LOCALS~1\Temp\kwriypoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF858687E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8586BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xBA52078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xBA520738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xBA52074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xBA520837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBA520863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBA5208D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBA5208BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBA5207CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBA5208FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xBA52080D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xBA520710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xBA520724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xBA52079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xBA520939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBA5208A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBA52088F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xBA52084D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xBA520925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xBA520911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xBA520776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBA520762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBA5207F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xBA5208E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBA5207E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xBA5207B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP BA5207B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP BA520811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP BA520893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP BA52078E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP BA520766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP BA52093D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP BA5208D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP BA520714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP BA5207A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP BA5207E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP BA5207CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP BA520750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP BA5207FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP BA5208BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP BA520728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP BA520901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP BA520867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP BA52083B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP BA52073C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP BA52077A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP BA5208EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP BA5208A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP BA520851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP BA520915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP BA520929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B9005B
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90040
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9002F
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F72
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B9008C
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F3A
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F1F
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900B8
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900D3
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F97
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F4B
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90014
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B9009D
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FA8
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093004A
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FB9
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F97
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093002F
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930014
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920058
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920047
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920022
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD7
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920011
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 0090001B
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00900FCA
.text C:\WINDOWS\System32\svchost.exe[504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F68
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700C9
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F30
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F0B
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F41
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FAF
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FCA
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0005000C
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005003A
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050029
.text C:\WINDOWS\system32\services.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F66
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F77
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60F88
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60FA5
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C6002C
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F2E
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F4B
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C600A2
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60087
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60EE4
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60047
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60076
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6001B
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60F13
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50065
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C5004A
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C50FA8
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E5, 88] {IN EAX, 0x88}
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40FAD
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40042
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40FD2
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C4000C
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40027
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90065
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9004A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F70
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90F8D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90096
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F44
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F0E
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F900B1
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F900C2
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90FA8
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90F55
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90FCA
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F90F33
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FAF
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80040
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F8D
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80F9E
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70FC1
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F7004C
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F7000C
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70027
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70FD2
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E10089
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10F94
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10FAF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10FC0
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F41
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F5E
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100AE
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E10F15
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E10EFA
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10062
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E10014
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10F6F
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E10F26
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00036
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00025
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00F8D
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00F9E
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF003D
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FBC
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0018
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0FCD
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0FDE
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FE5
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 037E0FEF
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 037E0065
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 037E0F70
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 037E0F8D
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 037E0F9E
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 037E0040
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 037E0F3A
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 037E008C
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 037E0F18
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 037E00B1
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 037E00CC
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 037E0FAF
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 037E000A
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 037E0F5F
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 037E0FD4
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 037E0025
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 037E0F29
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 037D0040
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 037D006C
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 037D001B
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 037D0FE5
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 037D005B
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 037D000A
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 037D0FC3
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9D, 8B]
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 037D0FD4
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E4005A
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E4003F
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E4001D
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E40FE3
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E4002E
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E40000
.text C:\WINDOWS\System32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E30FE5
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01D90000
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01D90FEF
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01D9001B
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01D90FCA
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F4B
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F68
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650089
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0065006C
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500B5
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500A4
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650F01
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F79
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F30
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F8D
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0064001E
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0063005A
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630049
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630027
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630038
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770FAA
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0077009F
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0077008E
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0077007D
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770047
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F88
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F99
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F52
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007700EB
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770F41
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770058
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0077001B
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007700C4
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FDB
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0077002C
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770F77
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760FDB
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00760062
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00760022
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760011
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00760051
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00760FA5
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [96, 88]
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760FCA
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750FBC
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!system 77C293C7 5 Bytes JMP 00750FCD
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0075002C
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750000
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0075003D
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00750011
.text C:\WINDOWS\System32\svchost.exe[1644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10051
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F77
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FB9
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10098
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F5C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100F3
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100CE
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F35
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100B3
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F83
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0055
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0029
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0044
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017A0FEF
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 017A0060
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 017A0F6B
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 017A0045
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 017A0F86
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 017A0FB2
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017A00A2
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017A0F5A
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017A0F35
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017A00CE
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 017A00E9
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017A0FA1
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017A000A
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 017A0085
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 017A0FC3
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 017A0FD4
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017A00BD
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01790FDE
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01790080
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01790FEF
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0179001B
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01790065
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0179000A
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01790FC3
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [99, 89]
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01790054
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01780F75
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!system 77C293C7 5 Bytes JMP 01780F9A
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01780FB5
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01780FEF
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0178000A
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01780FD2
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 0172000A
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01720FE5
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01720FD4
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01720FB9
.text C:\WINDOWS\Explorer.EXE[1984] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02210000
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0094
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0083
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F9F
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0FBC
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0043
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00C0
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F78
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00FD
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00E2
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC010E
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC005E
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A5
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FCD
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0014
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00D1
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB002C
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0073
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB001B
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0062
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FC0
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0047
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA005A
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FCF
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0038
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0049
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F59
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026004E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0026003D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F80
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F32
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0026007A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260EFC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260095
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EEB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FA5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026005F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FC0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F17
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035007D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0035002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0035006C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360069
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360044
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360018
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360033
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01BB0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01BB001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01BB0FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01BB0036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ws2_32.dll!socket 71AB4211 5 Bytes JMP 021E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F7A
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B006F
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F95
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0054
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00B1
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0094
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F33
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00D6
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F22
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0043
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F69
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FCD
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001E
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F58
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA6
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0031
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC1
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0016
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B005B
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0040
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FAF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Attached File: mbam-log-2010-08-09 (20-24-59).txt (891 bytes)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/9/2010 8:24:59 PM
mbam-log-2010-08-09 (20-24-59).txt

Scan type: Quick scan
Objects scanned: 133168
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached File: OTL.Txt (53.31 KB)

OTL logfile created on: 8/9/2010 7:50:27 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\TT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 129.15 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMS-LAPTOP
Current User Name: TT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\TT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\providerComcast\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\TT\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast) -- C:\Program Files\providerComcast\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/08/26 00:29:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://www.iilvirtua...raUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244668366025 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\Documents and Settings\TT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:01:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/09 19:47:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TT\Desktop\OTL.exe
[2010/08/06 18:37:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TT\Recent
[2010/08/06 18:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TT\Local Settings\Application Data\Sunbelt Software
[2010/07/28 19:34:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/28 16:45:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/01 09:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/01 09:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/01 09:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/29 13:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TT\My Documents\Bills
[2010/05/20 16:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/20 16:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/17 10:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

========== Files - Modified Within 90 Days ==========

[2010/08/09 19:48:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TT\Desktop\OTL.exe
[2010/08/09 18:33:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/09 18:33:01 | 000,012,211 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/09 18:32:17 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 18:31:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 18:31:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 18:31:36 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/08 11:46:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\TT\ntuser.ini
[2010/08/08 11:46:08 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\TT\NTUSER.DAT
[2010/08/07 02:59:33 | 000,115,107 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\TFC.exe
[2010/08/06 16:16:44 | 005,362,970 | -H-- | M] () -- C:\Documents and Settings\TT\Local Settings\Application Data\IconCache.db
[2010/08/06 10:16:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/06 10:09:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\CCleaner.lnk
[2010/07/28 21:20:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/28 19:34:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/28 16:44:57 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\TT\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/28 16:44:57 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/21 16:03:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/12 14:03:39 | 000,047,974 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\StatementToPDF
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 00:19:30 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\TT\My Documents\Mexico.rtf
[2010/07/01 01:00:09 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/06/24 10:33:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 10:33:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 10:33:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/15 14:03:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\TT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/11 14:25:53 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 14:07:30 | 000,000,645 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 14:21:02 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\TT\My Documents\Budget 2010.xls
[2010/05/25 11:42:09 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\gmer.zip
[2010/05/20 16:33:34 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2010/08/07 02:59:29 | 000,115,107 | ---- | C] () -- C:\Documents and Settings\TT\Desktop\TFC.exe
[2010/07/28 16:44:57 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\TT\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/28 16:44:57 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/12 14:03:37 | 000,047,974 | ---- | C] () -- C:\Documents and Settings\TT\Desktop\StatementToPDF
[2010/07/07 00:19:29 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\TT\My Documents\Mexico.rtf
[2010/07/01 09:22:35 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/25 11:42:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\TT\Desktop\gmer.zip
[2010/05/21 12:57:22 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\TT\My Documents\Budget 2010.xls
[2010/05/20 16:33:34 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/09 13:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2009/06/17 14:57:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/16 16:09:52 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 15:57:32 | 000,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 15:56:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005/01/13 03:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 03:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/08/04 03:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/07/30 03:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/06/15 12:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/20 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/08 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/18 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/05 10:51:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/08/06 18:37:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2009/06/17 11:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\Centra
[2009/06/22 10:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/07/30 03:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\Juniper Networks
[2009/06/17 12:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\Saba
[2009/08/15 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\SanDisk
[2009/06/16 22:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\SumatraPDF
[2010/08/09 19:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\uTorrent
[2010/08/09 18:33:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/30 14:35:56 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/01 01:00:09 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/23 15:06:55 | 000,288,768 | ---- | M] () -- C:\53fr7dvj.exe
[2010/08/09 18:31:35 | 000,020,721 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 14:01:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/24 15:54:59 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2009/06/10 17:52:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/08/26 00:22:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/24 15:54:58 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/26 00:35:18 | 000,017,522 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 14:01:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/20 13:41:56 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2009/08/23 16:00:12 | 000,112,060 | ---- | M] () -- C:\GMER torr_tom.log
[2010/08/09 18:31:36 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 13:01:42 | 000,053,637 | ---- | M] () -- C:\HP2030.log
[2009/06/10 14:01:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/11 13:09:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/06/10 14:01:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/06/10 17:48:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/10 18:37:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/09 18:31:35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/08/24 15:54:58 | 000,135,168 | ---- | M] () -- C:\zip.exe

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:01:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/08/12 02:00:26 | 000,081,920 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zimfprnt.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/06/10 09:48:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/10 09:48:50 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/10 09:48:50 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 14:53:02
< End of report >

Attached File  Extras.Txt   26.09KB   42 downloads

OTL Extras logfile created on: 8/23/2009 2:52:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\TT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.92 Mb Total Physical Memory | 304.72 Mb Available Physical Memory | 59.64% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 136.58 Gb Free Space | 91.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMS-LAPTOP
Current User Name: TT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel® Sebring API
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CentraClient" = Centra Client
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"SumatraPDF" = Sumatra PDF reader
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2009 12:29:11 PM | Computer Name = TOMS-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 8/23/2009 12:29:11 PM | Computer Name = TOMS-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/23/2009 12:34:36 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.

Error - 8/23/2009 12:34:42 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1007769471.

Error - 8/23/2009 12:34:49 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.

Error - 8/23/2009 12:35:13 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.

Error - 8/23/2009 12:35:17 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1007769471.

Error - 8/23/2009 12:35:36 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.

Error - 8/23/2009 12:55:37 PM | Computer Name = TOMS-LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/23/2009 1:33:18 PM | Computer Name = TOMS-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 8/21/2009 6:53:13 PM | Computer Name = TOMS-LAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
WHITNEY that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{F0B3668A-2B13-44EF-9. The master browser is stopping or an election
is being forced.

Error - 8/22/2009 11:31:11 AM | Computer Name = TOMS-LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000E35BEA860.

Error - 8/22/2009 4:32:52 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).

Error - 8/22/2009 5:07:30 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).

Error - 8/22/2009 5:08:06 PM | Computer Name = TOMS-LAPTOP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b6688b4b, parameter3
b82ac0f4, parameter4 00000000.

Error - 8/22/2009 7:01:52 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).

Error - 8/22/2009 7:06:42 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).

Error - 8/22/2009 7:10:33 PM | Computer Name = TOMS-LAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SPAGHETTI-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{F0B3668A-2B13-4. The master browser is stopping or an election is being
forced.

Error - 8/23/2009 5:32:28 AM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).

Error - 8/23/2009 12:59:12 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).


< End of report >