I am posting the logs that were requested in the hopes that you can assist me with resolving the issue.
* Poor Performance
* Search feature finding thousands of files where only about 150 are present
* Unable to run some of the programs such as TFC.exe - error stating that it's not a valid win32 application.
I really appreciate your help with resolving this issue.
Tom

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-09 19:46:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\TT\LOCALS~1\Temp\kwriypoc.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF858687E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8586BFE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xBA52078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xBA520738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xBA52074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xBA520837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBA520863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBA5208D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBA5208BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBA5207CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBA5208FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xBA52080D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xBA520710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xBA520724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xBA52079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xBA520939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBA5208A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBA52088F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xBA52084D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xBA520925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xBA520911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xBA520776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBA520762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBA5207F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xBA5208E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBA5207E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xBA5207B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP BA5207B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP BA520811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP BA520893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP BA52078E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP BA520766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP BA52093D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP BA5208D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP BA520714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP BA5207A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP BA5207E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP BA5207CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP BA520750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP BA5207FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP BA5208BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP BA520728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP BA520901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP BA520867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP BA52083B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP BA52073C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP BA52077A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP BA5208EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP BA5208A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP BA520851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP BA520915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP BA520929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B9005B
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90040
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9002F
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F72
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B9008C
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F3A
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F1F
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900B8
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900D3
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F97
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F4B
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90014
.text C:\WINDOWS\System32\svchost.exe[504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B9009D
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FA8
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093004A
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FB9
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F97
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093002F
.text C:\WINDOWS\System32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930014
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920058
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920047
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920022
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD7
.text C:\WINDOWS\System32\svchost.exe[504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920011
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 0090001B
.text C:\WINDOWS\System32\svchost.exe[504] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00900FCA
.text C:\WINDOWS\System32\svchost.exe[504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F68
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700C9
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F30
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F0B
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F41
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FAF
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FCA
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0005000C
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005003A
.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050029
.text C:\WINDOWS\system32\services.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F66
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F77
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60F88
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60FA5
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C6002C
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F2E
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F4B
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C600A2
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60087
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60EE4
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60047
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60076
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6001B
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60F13
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50065
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C5004A
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C50FA8
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E5, 88] {IN EAX, 0x88}
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40FAD
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40042
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40FD2
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C4000C
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40027
.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90065
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9004A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F70
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90F8D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90096
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F44
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F0E
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F900B1
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F900C2
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90FA8
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90F55
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90FCA
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F90F33
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FAF
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80040
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F8D
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80F9E
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70FC1
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F7004C
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F7000C
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70027
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70FD2
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E10089
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10F94
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10FAF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10FC0
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F41
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F5E
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100AE
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E10F15
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E10EFA
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10062
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E10014
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10F6F
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E10F26
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00036
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00025
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00F8D
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00F9E
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF003D
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FBC
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0018
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0FCD
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0FDE
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FE5
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 037E0FEF
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 037E0065
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 037E0F70
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 037E0F8D
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 037E0F9E
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 037E0040
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 037E0F3A
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 037E008C
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 037E0F18
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 037E00B1
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 037E00CC
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 037E0FAF
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 037E000A
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 037E0F5F
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 037E0FD4
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 037E0025
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 037E0F29
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 037D0040
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 037D006C
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 037D001B
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 037D0FE5
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 037D005B
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 037D000A
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 037D0FC3
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9D, 8B]
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 037D0FD4
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E4005A
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E4003F
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E4001D
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E40FE3
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E4002E
.text C:\WINDOWS\System32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E40000
.text C:\WINDOWS\System32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E30FE5
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01D90000
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01D90FEF
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01D9001B
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01D90FCA
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F4B
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F68
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650089
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0065006C
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500B5
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500A4
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650F01
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F79
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F30
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F8D
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0064001E
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0063005A
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630049
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630027
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630038
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770FAA
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0077009F
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0077008E
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0077007D
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770047
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F88
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F99
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F52
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007700EB
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770F41
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770058
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0077001B
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007700C4
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FDB
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0077002C
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770F77
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760FDB
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00760062
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00760022
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760011
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00760051
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00760FA5
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [96, 88]
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760FCA
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750FBC
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!system 77C293C7 5 Bytes JMP 00750FCD
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0075002C
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750000
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0075003D
.text C:\WINDOWS\System32\svchost.exe[1644] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00750011
.text C:\WINDOWS\System32\svchost.exe[1644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10051
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F77
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FB9
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10098
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F5C
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100F3
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100CE
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F35
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100B3
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F83
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0055
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0029
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0044
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017A0FEF
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 017A0060
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 017A0F6B
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 017A0045
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 017A0F86
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 017A0FB2
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017A00A2
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017A0F5A
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017A0F35
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017A00CE
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 017A00E9
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017A0FA1
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017A000A
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 017A0085
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 017A0FC3
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 017A0FD4
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017A00BD
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01790FDE
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01790080
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01790FEF
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0179001B
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01790065
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0179000A
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01790FC3
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [99, 89]
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01790054
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01780F75
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!system 77C293C7 5 Bytes JMP 01780F9A
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01780FB5
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01780FEF
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0178000A
.text C:\WINDOWS\Explorer.EXE[1984] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01780FD2
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 0172000A
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01720FE5
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01720FD4
.text C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01720FB9
.text C:\WINDOWS\Explorer.EXE[1984] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02210000
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0094
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0083
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F9F
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0FBC
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0043
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00C0
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F78
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00FD
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00E2
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC010E
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC005E
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A5
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FCD
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0014
.text C:\WINDOWS\System32\svchost.exe[2376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00D1
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB002C
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0073
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB001B
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0062
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FC0
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\System32\svchost.exe[2376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0047
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA005A
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FCF
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0038
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0049
.text C:\WINDOWS\System32\svchost.exe[2376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F59
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026004E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0026003D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F80
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F32
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0026007A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260EFC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260095
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EEB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FA5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026005F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FC0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F17
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035007D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0035002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0035006C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360069
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360044
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360018
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360033
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01BB0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01BB001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01BB0FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01BB0036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3288] ws2_32.dll!socket 71AB4211 5 Bytes JMP 021E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F7A
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B006F
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F95
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0054
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00B1
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0094
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F33
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00D6
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F22
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0043
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F69
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FCD
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001E
.text C:\WINDOWS\system32\wuauclt.exe[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F58
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA6
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0031
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC1
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0016
.text C:\WINDOWS\system32\wuauclt.exe[3748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B005B
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0040
.text C:\WINDOWS\system32\wuauclt.exe[3748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FAF
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4412
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
8/9/2010 8:24:59 PM
mbam-log-2010-08-09 (20-24-59).txt
Scan type: Quick scan
Objects scanned: 133168
Time elapsed: 11 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

OTL logfile created on: 8/9/2010 7:50:27 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\TT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 129.15 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOMS-LAPTOP
Current User Name: TT
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\TT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\providerComcast\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\TT\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast) -- C:\Program Files\providerComcast\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2009/08/26 00:29:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://www.iilvirtua...raUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244668366025 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\Documents and Settings\TT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:01:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/09 19:47:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TT\Desktop\OTL.exe
[2010/08/06 18:37:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TT\Recent
[2010/08/06 18:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TT\Local Settings\Application Data\Sunbelt Software
[2010/07/28 19:34:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/28 16:45:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/01 09:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/01 09:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/01 09:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/29 13:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TT\My Documents\Bills
[2010/05/20 16:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/20 16:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/17 10:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
========== Files - Modified Within 90 Days ==========
[2010/08/09 19:48:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TT\Desktop\OTL.exe
[2010/08/09 18:33:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/09 18:33:01 | 000,012,211 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/09 18:32:17 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 18:31:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 18:31:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 18:31:36 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/08 11:46:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\TT\ntuser.ini
[2010/08/08 11:46:08 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\TT\NTUSER.DAT
[2010/08/07 02:59:33 | 000,115,107 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\TFC.exe
[2010/08/06 16:16:44 | 005,362,970 | -H-- | M] () -- C:\Documents and Settings\TT\Local Settings\Application Data\IconCache.db
[2010/08/06 10:16:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/06 10:09:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\CCleaner.lnk
[2010/07/28 21:20:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/28 19:34:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/28 16:44:57 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\TT\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/28 16:44:57 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/21 16:03:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/12 14:03:39 | 000,047,974 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\StatementToPDF
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 00:19:30 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\TT\My Documents\Mexico.rtf
[2010/07/01 01:00:09 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/06/24 10:33:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 10:33:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 10:33:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/15 14:03:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\TT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/11 14:25:53 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 14:07:30 | 000,000,645 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 14:21:02 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\TT\My Documents\Budget 2010.xls
[2010/05/25 11:42:09 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\TT\Desktop\gmer.zip
[2010/05/20 16:33:34 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
========== Files Created - No Company Name ==========
[2010/08/07 02:59:29 | 000,115,107 | ---- | C] () -- C:\Documents and Settings\TT\Desktop\TFC.exe
[2010/07/28 16:44:57 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\TT\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/28 16:44:57 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/12 14:03:37 | 000,047,974 | ---- | C] () -- C:\Documents and Settings\TT\Desktop\StatementToPDF
[2010/07/07 00:19:29 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\TT\My Documents\Mexico.rtf
[2010/07/01 09:22:35 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/25 11:42:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\TT\Desktop\gmer.zip
[2010/05/21 12:57:22 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\TT\My Documents\Budget 2010.xls
[2010/05/20 16:33:34 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/09 13:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2009/06/17 14:57:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/16 16:09:52 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 15:57:32 | 000,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 15:56:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005/01/13 03:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 03:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/08/04 03:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/07/30 03:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/06/15 12:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/20 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/08 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/18 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/05 10:51:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/08/06 18:37:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2009/06/17 11:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\Centra
[2009/06/22 10:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/07/30 03:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\Juniper Networks
[2009/06/17 12:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\Saba
[2009/08/15 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\SanDisk
[2009/06/16 22:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\SumatraPDF
[2010/08/09 19:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TT\Application Data\uTorrent
[2010/08/09 18:33:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/30 14:35:56 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/01 01:00:09 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/08/23 15:06:55 | 000,288,768 | ---- | M] () -- C:\53fr7dvj.exe
[2010/08/09 18:31:35 | 000,020,721 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 14:01:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/24 15:54:59 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2009/06/10 17:52:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/08/26 00:22:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/24 15:54:58 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/26 00:35:18 | 000,017,522 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 14:01:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/20 13:41:56 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2009/08/23 16:00:12 | 000,112,060 | ---- | M] () -- C:\GMER torr_tom.log
[2010/08/09 18:31:36 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 13:01:42 | 000,053,637 | ---- | M] () -- C:\HP2030.log
[2009/06/10 14:01:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/11 13:09:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/06/10 14:01:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/06/10 17:48:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/10 18:37:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/09 18:31:35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/08/24 15:54:58 | 000,135,168 | ---- | M] () -- C:\zip.exe
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 14:01:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/08/12 02:00:26 | 000,081,920 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zimfprnt.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/06/10 09:48:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/10 09:48:50 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/10 09:48:50 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%|bak;true;false;false /fp >
< %systemroot%\system32|bak;true;false;false /fp >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 14:53:02
< End of report >

OTL Extras logfile created on: 8/23/2009 2:52:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\TT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.92 Mb Total Physical Memory | 304.72 Mb Available Physical Memory | 59.64% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 136.58 Gb Free Space | 91.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOMS-LAPTOP
Current User Name: TT
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel® Sebring API
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CentraClient" = Centra Client
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"SumatraPDF" = Sumatra PDF reader
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/23/2009 12:29:11 PM | Computer Name = TOMS-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established
Error - 8/23/2009 12:29:11 PM | Computer Name = TOMS-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 8/23/2009 12:34:36 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.
Error - 8/23/2009 12:34:42 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1007769471.
Error - 8/23/2009 12:34:49 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.
Error - 8/23/2009 12:35:13 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.
Error - 8/23/2009 12:35:17 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1007769471.
Error - 8/23/2009 12:35:36 PM | Computer Name = TOMS-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 3.6.0.1000, faulting
module superantispyware.exe, version 3.6.0.1000, fault address 0x00056512.
Error - 8/23/2009 12:55:37 PM | Computer Name = TOMS-LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 8/23/2009 1:33:18 PM | Computer Name = TOMS-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established
[ System Events ]
Error - 8/21/2009 6:53:13 PM | Computer Name = TOMS-LAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
WHITNEY that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{F0B3668A-2B13-44EF-9. The master browser is stopping or an election
is being forced.
Error - 8/22/2009 11:31:11 AM | Computer Name = TOMS-LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000E35BEA860.
Error - 8/22/2009 4:32:52 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).
Error - 8/22/2009 5:07:30 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).
Error - 8/22/2009 5:08:06 PM | Computer Name = TOMS-LAPTOP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b6688b4b, parameter3
b82ac0f4, parameter4 00000000.
Error - 8/22/2009 7:01:52 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).
Error - 8/22/2009 7:06:42 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).
Error - 8/22/2009 7:10:33 PM | Computer Name = TOMS-LAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SPAGHETTI-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{F0B3668A-2B13-4. The master browser is stopping or an election is being
forced.
Error - 8/23/2009 5:32:28 AM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).
Error - 8/23/2009 12:59:12 PM | Computer Name = TOMS-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).
< End of report >