documents from scans



#1
charlie69666

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 00:53:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\CHARLI~1\LOCALS~1\Temp\pxqyyfoc.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7446DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7446DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7446DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7446E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7446D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7446D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7446D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7446DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7446E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7446E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7446E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7446E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7446E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

init D:\WINDOWS\System32\Drivers\gcr432.sys entry point in "init" section [0xBA5EEEA0]

---- User code sections - GMER 1.0.15 ----

.text D:\WINDOWS\Explorer.EXE[384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0468000A
.text D:\WINDOWS\Explorer.EXE[384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04680036
.text D:\WINDOWS\Explorer.EXE[384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0468001B
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05970FEF
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05970F66
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05970F81
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0597005B
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0597004A
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0597002F
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05970F55
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05970091
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 059700D3
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05970F3A
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 059700E4
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 05970FA8
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0597000A
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 05970076
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 05970FC3
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 05970FDE
.text D:\WINDOWS\Explorer.EXE[384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 059700B8
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 055F0FDE
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 055F0076
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 055F0025
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 055F000A
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 055F0065
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 055F0FEF
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 055F0054
.text D:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 055F0FCD
.text D:\WINDOWS\Explorer.EXE[384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 046B0FA1
.text D:\WINDOWS\Explorer.EXE[384] msvcrt.dll!system 77C293C7 5 Bytes JMP 046B002C
.text D:\WINDOWS\Explorer.EXE[384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 046B0FC6
.text D:\WINDOWS\Explorer.EXE[384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 046B0FEF
.text D:\WINDOWS\Explorer.EXE[384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 046B001B
.text D:\WINDOWS\Explorer.EXE[384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 046B0000
.text D:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04690FE5
.text D:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04690FD4
.text D:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 04690FB9
.text D:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0469000A
.text D:\WINDOWS\Explorer.EXE[384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 046A0FEF
.text D:\WINDOWS\System32\svchost.exe[612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900FEF
.text D:\WINDOWS\System32\svchost.exe[612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900FD4
.text D:\WINDOWS\System32\svchost.exe[612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0090000A
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F8A
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB007F
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB006E
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0047
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FB9
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F5E
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00B0
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00DF
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F3C
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00F0
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0036
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FEF
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F79
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FCA
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0025
.text D:\WINDOWS\System32\svchost.exe[612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F4D
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0036
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA00A2
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA001B
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA000A
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0087
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA0062
.text D:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0047
.text D:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930F95
.text D:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930FB0
.text D:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FD2
.text D:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930000
.text D:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930FC1
.text D:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FEF
.text D:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00910FEF
.text D:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00910FD4
.text D:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00910000
.text D:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00910FAF
.text D:\WINDOWS\System32\svchost.exe[612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
.text D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 D:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 D:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text D:\WINDOWS\system32\services.exe[1104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006F0000
.text D:\WINDOWS\system32\services.exe[1104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006F0FE5
.text D:\WINDOWS\system32\services.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F0011
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770FEF
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770090
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770075
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770058
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770047
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0077002C
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007700BC
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F80
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007700D7
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F3E
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770F23
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770FAF
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770FD4
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007700AB
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0077001B
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770000
.text D:\WINDOWS\system32\services.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770F63
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00720FAF
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00720F68
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00720FCA
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00720000
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00720025
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00720FE5
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00720F83
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [92, 88]
.text D:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00720F9E
.text D:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710064
.text D:\WINDOWS\system32\services.exe[1104] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710FCF
.text D:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0071002E
.text D:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710000
.text D:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0071003F
.text D:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710011
.text D:\WINDOWS\system32\services.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00700FE5
.text D:\WINDOWS\system32\lsass.exe[1116] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FEF
.text D:\WINDOWS\system32\lsass.exe[1116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0025
.text D:\WINDOWS\system32\lsass.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0014
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0000
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0F8A
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0FA5
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED007F
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0062
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0036
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0F5C
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00A4
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00DA
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00C9
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED0F26
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0047
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0011
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0F79
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FC0
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FDB
.text D:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F4B
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0051
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0FDB
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0036
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0025
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0098
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC000A
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EC007D
.text D:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0062
.text D:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0FDB
.text D:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0066
.text D:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB003A
.text D:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0000
.text D:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0055
.text D:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB001D
.text D:\WINDOWS\system32\lsass.exe[1116] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C3000A
.text D:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A60000
.text D:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A60FD1
.text D:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A60011
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA0FE5
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA0F5F
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA0F7A
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA0F97
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AA0FA8
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AA0040
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AA0F33
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA006F
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA0F0E
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA00A7
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AA00CC
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AA0FB9
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA0000
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AA0F4E
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AA0025
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AA0FD4
.text D:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA0096
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A90011
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A90062
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A90000
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A90FD4
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A90FA5
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A90FEF
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A9003D
.text D:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A9002C
.text D:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80042
.text D:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80FB7
.text D:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A80027
.text D:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A80000
.text D:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A80FC8
.text D:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80FE3
.text D:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A70000
.text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A40000
.text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A4001B
.text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A40FE5
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AF0000
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AF0098
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AF007D
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AF0FAF
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AF0062
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AF0FD4
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AF00CE
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AF0F88
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AF0F46
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AF0F61
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AF00FA
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AF0051
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AF0025
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AF00B3
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AF0040
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AF0FEF
.text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AF00E9
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A70FCA
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A70FAF
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A7001B
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A70FEF
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A7006C
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A7000A
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A7005B
.text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A70036
.text D:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A60064
.text D:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A60FD9
.text D:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A6002E
.text D:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A60000
.text D:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A60049
.text D:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A60011
.text D:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A50000
.text D:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02500000
.text D:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02500FDB
.text D:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02500011
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02C00000
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02C00073
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02C00062
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02C00051
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02C00F94
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02C00036
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02C0009F
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02C0008E
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02C00F2B
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02C000C4
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02C00F1A
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02C00FAF
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02C00FE5
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02C00F63
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02C0001B
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02C00FCA
.text D:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02C00F3C
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02BF0FAF
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02BF006C
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02BF000A
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02BF0FD4
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02BF0047
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02BF0FEF
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02BF0036
.text D:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02BF0025
.text D:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02530070
.text D:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 0253005F
.text D:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02530FEF
.text D:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02530000
.text D:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02530044
.text D:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02530029
.text D:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02520FEF
.text D:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02510000
.text D:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02510011
.text D:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02510FDB
.text D:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02510FC0
.text D:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008D0000
.text D:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008D001B
.text D:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008D0FE5
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910000
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0091009A
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910075
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910F9B
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0091004E
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910FB6
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009100CB
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910F79
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009100F7
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009100E6
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910112
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0091003D
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910011
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910F8A
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FC7
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910022
.text D:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910F68
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900025
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900F8A
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0090000A
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900FD4
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900047
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FEF
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900FAF
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
.text D:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900036
.text D:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008F0F89
.text D:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!system 77C293C7 5 Bytes JMP 008F0FA4
.text D:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008F0FB5
.text D:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008F0FEF
.text D:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008F000A
.text D:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008F0FC6
.text D:\WINDOWS\System32\svchost.exe[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008E000A
.text D:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B60FEF
.text D:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60014
.text D:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FDE
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01030FEF
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01030039
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01030F3A
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01030F55
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01030F72
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01030F9E
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01030F13
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0103005B
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01030EDD
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01030EEE
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01030087
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01030F83
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01030FD4
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0103004A
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01030014
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01030FB9
.text D:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01030076
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90FB2
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B90032
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B90FC3
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B90FDE
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B90F75
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90FEF
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B90F86
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D9, 88]
.text D:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90F97
.text D:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80F64
.text D:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80F7F
.text D:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B80FAB
.text D:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B80FEF
.text D:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80F90
.text D:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B80FD2
.text D:\WINDOWS\System32\svchost.exe[1628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70000
.text D:\WINDOWS\System32\svchost.exe[1656] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FE5
.text D:\WINDOWS\System32\svchost.exe[1656] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA001B
.text D:\WINDOWS\System32\svchost.exe[1656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA000A
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD009A
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0089
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0062
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0051
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD002C
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F79
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F8A
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F3C
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F4D
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F21
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0FAF
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FE5
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD00B5
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD001B
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FCA
.text D:\WINDOWS\System32\svchost.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F68
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0025
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0F9E
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0FD4
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FEF
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0FAF
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC000A
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0051
.text D:\WINDOWS\System32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0040
.text D:\WINDOWS\System32\svchost.exe[1656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB001D
.text D:\WINDOWS\System32\svchost.exe[1656] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0F9C
.text D:\WINDOWS\System32\svchost.exe[1656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB000C
.text D:\WINDOWS\System32\svchost.exe[1656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
.text D:\WINDOWS\System32\svchost.exe[1656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FB7
.text D:\WINDOWS\System32\svchost.exe[1656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FD2
.text D:\WINDOWS\System32\svchost.exe[2096] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F0000A
.text D:\WINDOWS\System32\svchost.exe[2096] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F00036
.text D:\WINDOWS\System32\svchost.exe[2096] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F0001B
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FE5
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F400B5
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40090
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F4007F
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40062
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40036
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F9B
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F400E1
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40112
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F79
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40123
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40051
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F4000A
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F400C6
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F4001B
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FD4
.text D:\WINDOWS\System32\svchost.exe[2096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40F8A
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F3000A
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30051
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30FB9
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30FCA
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30036
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30FE5
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F30F94
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [13, 89]
.text D:\WINDOWS\System32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F30025
.text D:\WINDOWS\System32\svchost.exe[2096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20FB7
.text D:\WINDOWS\System32\svchost.exe[2096] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F2004C
.text D:\WINDOWS\System32\svchost.exe[2096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F2001D
.text D:\WINDOWS\System32\svchost.exe[2096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
.text D:\WINDOWS\System32\svchost.exe[2096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FD2
.text D:\WINDOWS\System32\svchost.exe[2096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20FE3
.text D:\WINDOWS\System32\svchost.exe[2096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F10000
.text D:\WINDOWS\system32\SearchIndexer.exe[2280] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C D:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015001B
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270064
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F6F
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F80
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0027003D
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB6
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0027007F
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F39
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700B2
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700A1
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EFE
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9B
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270000
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F54
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027002C
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270011
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270090
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FC3
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F86
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360014
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FDE
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F97
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360039
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FB2
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 02A8432B D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Toolbar/Conduit Ltd.)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02A844FB D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Toolbar/Conduit Ltd.)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370031
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FA6
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FB7
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037000C
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 1001EF20 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1001EE00 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 1001F060 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 1001F160 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0118000A
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0118001B
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01180FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01180FCA
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2908] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02D30FEF
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02D3001E
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02D30FDE
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 034B0FEF
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 034B0F77
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 034B0062
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 034B0051
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 034B0040
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 034B0014
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 034B00B3
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 034B00A2
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 034B0F1A
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 034B0F35
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 034B0F09
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 034B002F
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 034B0FD4
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 034B0091
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 034B0FA8
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 034B0FC3
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 034B0F50
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 034A0FC3
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 034A0F72
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 034A0FD4
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 034A000A
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 034A002F
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 034A0FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 034A0F8D
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6A, 8B] {PUSH -0x75}
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 034A0F9E
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03490062
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] msvcrt.dll!system 77C293C7 5 Bytes JMP 03490047
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03490FD7
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03490000
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03490036
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03490011
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 1001EF20 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1001EE00 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 1001F060 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 1001F160 d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03470000
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03470011
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03470022
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03470FD1
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3708] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 D:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01DB0FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01DB0FC3
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01DB0FD4
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E00000
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E00F66
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E00051
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E00040
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E0002F
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E00F9E
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E00F44
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E00F55
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E00F0E
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E000A7
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01E000C2
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01E00F8D
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01E00FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01E00076
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01E00FC3
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01E00FD4
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01E00F29
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01DF0FB9
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01DF0040
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01DF0FCA
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01DF0000
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01DF0025
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01DF0FE5
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01DF0F8D
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FF, 89]
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01DF0FA8
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100F432B D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Toolbar/Conduit Ltd.)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100F44FB D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Toolbar/Conduit Ltd.)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01DE0FCF
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] msvcrt.dll!system 77C293C7 5 Bytes JMP 01DE0064
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01DE002E
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01DE0000
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01DE0053
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01DE0011
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01DC0FEF
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01DC0000
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01DC0FCA
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01DC0FA5
.text D:\Program Files\Internet Explorer\iexplore.exe[3952] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01DD0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

OTL Extras logfile created on: 9/5/2010 10:50:49 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\Documents and Settings\charlie wistner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): D:\pagefile.sys 1872 3744 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37.26 Gb Total Space | 22.61 Gb Free Space | 60.67% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 38.40 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-CUG4DW5SS7
Current User Name: charlie wistner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C02E178A-52FA-3266-E945-BE38D3171033}" = Nero 7 Ultra Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Bookworm Deluxe 1.03" = Bookworm Deluxe 1.03
"Drop" = Drop
"Drop!" = Drop!
"DVDFab 6_is1" = DVDFab 6.0.2.2 (June 26, 2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"Lexmark 730 Series" = Lexmark 730 Series
"LimeWireTurbo" = LimeWireTurbo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marble Blaster" = Marble Blaster
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"P2P_Energy Toolbar" = P2P_Energy Toolbar
"Peggle Nights" = Peggle Nights
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"SeaMonkey (2.0.6)" = SeaMonkey (2.0.6)
"Shockwave" = Shockwave
"Shoot the Roach" = Shoot the Roach
"SLAMRNTV" = 56Kbps Internal Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2009 8:11:49 PM | Computer Name = HOME-CUG4DW5SS7 | Source = ESENT | ID = 486
Description = wlcomm (4040) An attempt to move the file "D:\Documents and Settings\charlie
wistner\Local Settings\Application Data\Microsoft\Windows Live Contacts\{5991b834-e5e2-4a39-9427-b7b936e8956c}\DBStore\Backup\temp\"
to "D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Microsoft\Windows
Live Contacts\{5991b834-e5e2-4a39-9427-b7b936e8956c}\DBStore\Backup\new" failed
with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 11/17/2009 8:11:49 PM | Computer Name = HOME-CUG4DW5SS7 | Source = ESENT | ID = 215
Description = wlcomm (4040) D:\Documents and Settings\charlie wistner\Local Settings\Application
Data\Microsoft\Windows Live Contacts\{5991b834-e5e2-4a39-9427-b7b936e8956c}\: The
backup has been stopped because it was halted by the client or the connection with
the client failed.

Error - 11/17/2009 8:11:49 PM | Computer Name = HOME-CUG4DW5SS7 | Source = ESENT | ID = 484
Description = wlcomm (4040) An attempt to remove the folder "D:\Documents and Settings\charlie
wistner\Local Settings\Application Data\Microsoft\Windows Live Contacts\{5991b834-e5e2-4a39-9427-b7b936e8956c}\DBStore\Backup\temp\"
failed with system error 145 (0x00000091): "The directory is not empty. ". The
remove folder operation will fail with error -1022 (0xfffffc02).

Error - 11/25/2009 7:09:24 PM | Computer Name = HOME-CUG4DW5SS7 | Source = Application Error | ID = 1000
Description = Faulting application usinv3r.exe, version 1.0.0.625, faulting module
usinv3r.exe, version 1.0.0.625, fault address 0x00001b2a.

Error - 12/3/2009 1:01:06 PM | Computer Name = HOME-CUG4DW5SS7 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/8/2009 1:57:16 AM | Computer Name = HOME-CUG4DW5SS7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ietoolbar.dll, version 2.710.16.5, fault address 0x000721cc.

Error - 12/8/2009 1:58:29 AM | Computer Name = HOME-CUG4DW5SS7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ietoolbar.dll, version 2.710.16.5, fault address 0x000721cc.

Error - 12/8/2009 1:24:20 PM | Computer Name = HOME-CUG4DW5SS7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 9.0.0.701, fault address 0x000d7fa0.

Error - 12/8/2009 9:51:50 PM | Computer Name = HOME-CUG4DW5SS7 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/8/2009 9:59:32 PM | Computer Name = HOME-CUG4DW5SS7 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 9/4/2010 5:49:09 PM | Computer Name = HOME-CUG4DW5SS7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 9/4/2010 5:53:24 PM | Computer Name = HOME-CUG4DW5SS7 | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 9/4/2010 5:53:27 PM | Computer Name = HOME-CUG4DW5SS7 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 9/4/2010 6:46:04 PM | Computer Name = HOME-CUG4DW5SS7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 9/4/2010 6:46:04 PM | Computer Name = HOME-CUG4DW5SS7 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 9/4/2010 6:46:04 PM | Computer Name = HOME-CUG4DW5SS7 | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 9/4/2010 6:46:28 PM | Computer Name = HOME-CUG4DW5SS7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 9/4/2010 6:46:28 PM | Computer Name = HOME-CUG4DW5SS7 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 9/4/2010 6:46:28 PM | Computer Name = HOME-CUG4DW5SS7 | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 9/5/2010 1:49:03 AM | Computer Name = HOME-CUG4DW5SS7 | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

OTL logfile created on: 9/5/2010 10:50:49 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\Documents and Settings\charlie wistner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): D:\pagefile.sys 1872 3744 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37.26 Gb Total Space | 22.61 Gb Free Space | 60.67% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 38.40 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-CUG4DW5SS7
Current User Name: charlie wistner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\charlie wistner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - d:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - d:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - D:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - D:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - D:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - D:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - D:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - D:\WINDOWS\system32\S3tray2.exe (S3 Graphics, Inc.)
PRC - D:\WINDOWS\system32\slserv.exe ( )


========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\charlie wistner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
MOD - D:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - D:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - D:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - D:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (mfefire) -- D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- D:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- D:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- D:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- D:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (aspnet_state) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (MSK80Service) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (fsssvc) -- D:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- D:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (lxcf_device) -- D:\WINDOWS\System32\lxcfcoms.exe ( )
SRV - (SLService) -- D:\WINDOWS\System32\slserv.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- D:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- D:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (InCDRm) -- D:\WINDOWS\System32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- D:\WINDOWS\System32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- D:\WINDOWS\System32\drivers\InCDFs.sys File not found
DRV - (cpuz132) -- D:\DOCUME~1\CHARLI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (mfehidk) -- D:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- D:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- D:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- D:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- D:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- D:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- D:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- D:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- D:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mfesmfk) -- D:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- D:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (fssfltr) -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- D:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- D:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- D:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (S3SavageNB) -- D:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (S3Psddr) -- D:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (BCM43XX) -- D:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Slntamr) -- D:\WINDOWS\system32\drivers\slntamr.sys ()
DRV - (ICAM5USB) Intel® -- D:\WINDOWS\system32\drivers\ICAM5D2.sys (Intel Corporation)
DRV - (V90drv) -- D:\WINDOWS\system32\drivers\v90drv.sys ( )
DRV - (SlWdmSup) -- D:\WINDOWS\system32\drivers\slwdmsup.sys (Vireo Software)
DRV - (SlNtHal) -- D:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (NtMtlFax) -- D:\WINDOWS\system32\drivers\ntmtlfax.sys ()
DRV - (Mtlstrm) -- D:\WINDOWS\system32\drivers\mtlstrm.sys ()
DRV - (Mtlmnt5) -- D:\WINDOWS\system32\drivers\mtlmnt5.sys ()
DRV - (Gcr432) -- D:\WINDOWS\system32\drivers\gcr432.sys (Gemplus)
DRV - (MODEMCSA) -- D:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 64 EF EF BB 48 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: D:\Program Files\McAfee\SiteAdvisor [2010/08/23 01:04:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: D:\Program Files\SeaMonkey\components [2010/09/04 16:55:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: D:\Program Files\SeaMonkey\plugins [2010/09/04 16:54:48 | 000,000,000 | ---D | M]

[2010/09/04 16:55:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\Mozilla\Extensions
[2010/09/04 16:55:28 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\charlie wistner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009/06/13 00:09:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\Mozilla\Extensions\[email protected]
[2010/09/04 16:55:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\Mozilla\SeaMonkey\Profiles\rv73pt91.default\extensions

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - d:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Download Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100814201812.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - D:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Download Energy Toolbar) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - D:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LXCFCATS] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [mcui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [S3TRAY2] D:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTPreset] D:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Windows Defender] D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244810258630 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1257191122860 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 13:56:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1bf0bdae-b691-11de-9300-0011500b3816}\Shell - "" = AutoRun
O33 - MountPoints2\{1bf0bdae-b691-11de-9300-0011500b3816}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bf0bdae-b691-11de-9300-0011500b3816}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - D:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll ()
Drivers32: wave - D:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/04 18:06:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\Application Data\Malwarebytes
[2010/09/04 18:06:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/04 18:06:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/04 18:06:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/09/04 18:06:32 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/09/04 18:02:04 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010/09/04 16:59:19 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/09/04 16:55:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Mozilla
[2010/09/04 16:54:46 | 000,000,000 | ---D | C] -- D:\Program Files\SeaMonkey
[2010/09/04 16:29:00 | 000,000,000 | ---D | C] -- D:\WINDOWS\pss
[2010/09/04 14:30:41 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe
[2010/09/03 18:58:08 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2010/09/03 18:49:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/31 07:32:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Temp
[2010/08/31 07:32:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Google
[2010/08/31 07:31:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\Deployment
[2010/08/25 22:06:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\My Documents\NeroVision
[2010/08/24 18:43:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\My Documents\Incomplete
[2010/08/23 18:42:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\IObit
[2010/08/23 00:47:05 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\winrm
[2010/08/23 00:46:53 | 000,000,000 | -H-D | C] -- D:\WINDOWS\$968930Uinstall_KB968930$
[2010/08/15 20:53:21 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\appmgmt
[2010/08/15 15:36:28 | 000,000,000 | ---D | C] -- D:\Program Files\McAfeeMOBK
[2010/08/15 15:33:48 | 000,054,776 | ---- | C] (Mozy, Inc.) -- D:\WINDOWS\System32\drivers\MOBK.sys
[2010/08/15 15:33:24 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee Online Backup
[2010/08/14 22:18:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\charlie wistner\Application Data\Office Genuine Advantage
[2010/08/14 22:06:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/08/14 22:06:41 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010/08/14 21:57:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\zh-TW
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\zh-HK
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\tr-TR
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\sv-SE
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\pt-BR
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\nl-NL
[2010/08/14 21:21:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\nb-NO
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ko-KR
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\it-IT
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\he-IL
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\fr-FR
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\fi-FI
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\es-ES
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\el-GR
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\de-DE
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\da-DK
[2010/08/14 21:21:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ar-SA
[2010/08/14 20:33:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/14 20:33:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/14 20:18:11 | 000,009,344 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/14 20:18:03 | 000,088,480 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/14 20:18:03 | 000,083,496 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/14 20:18:03 | 000,082,952 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/14 20:18:02 | 000,312,616 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/14 20:18:02 | 000,095,568 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/14 20:18:02 | 000,055,456 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/14 20:17:45 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Mcafee
[2010/08/14 20:17:43 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee.com
[2010/08/14 20:17:16 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee
[2009/06/20 12:25:32 | 001,134,592 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcfusb1.dll
[2009/06/20 12:25:31 | 001,183,744 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcfserv.dll
[2009/06/20 12:25:31 | 000,155,648 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcfprox.dll
[2009/06/20 12:25:31 | 000,114,688 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcfpplc.dll
[2009/06/20 12:25:30 | 000,704,512 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcfcomc.dll
[2009/06/20 12:25:30 | 000,483,328 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcflmpm.dll
[2009/06/20 12:25:30 | 000,413,696 | ---- | C] ( ) -- D:\WINDOWS\System32\lxcfcomm.dll
[2009/06/15 09:19:50 | 000,047,360 | ---- | C] (VSO Software) -- D:\Documents and Settings\charlie wistner\Application Data\pcouffin.sys
[2004/08/04 01:41:44 | 000,175,160 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\slnthal.sys
[2001/11/29 20:10:32 | 001,432,836 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\v90drv.sys

========== Files - Modified Within 90 Days ==========

[2010/09/05 10:52:00 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{EFF0C24E-FCB4-40B5-967E-E8DC1CF39403}.job
[2010/09/05 10:37:02 | 000,001,022 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-152049171-725345543-1003UA.job
[2010/09/05 10:08:16 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/05 10:06:39 | 000,000,444 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{99C63A55-C756-45F1-A42D-B33F79319137}.job
[2010/09/05 10:05:52 | 000,013,114 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/09/05 10:05:38 | 000,001,595 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/09/05 10:05:10 | 000,000,236 | ---- | M] () -- D:\WINDOWS\tasks\OGALogon.job
[2010/09/05 10:05:05 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/09/05 10:05:00 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/09/05 01:49:13 | 005,505,024 | -H-- | M] () -- D:\Documents and Settings\charlie wistner\NTUSER.DAT
[2010/09/04 18:46:16 | 007,519,532 | -H-- | M] () -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\IconCache.db
[2010/09/04 18:06:37 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 17:49:07 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\charlie wistner\ntuser.ini
[2010/09/04 16:55:04 | 000,001,582 | ---- | M] () -- D:\Documents and Settings\charlie wistner\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2010/09/04 16:55:04 | 000,001,564 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/09/04 16:30:34 | 000,000,994 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/09/04 16:30:34 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/09/04 14:39:16 | 000,000,106 | ---- | M] () -- D:\Documents and Settings\charlie wistner\default.pls
[2010/09/04 14:39:11 | 000,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010/09/04 14:33:55 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/04 07:37:01 | 000,000,970 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-152049171-725345543-1003Core.job
[2010/09/04 00:41:54 | 000,095,744 | ---- | M] () -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 07:33:58 | 000,002,365 | ---- | M] () -- D:\Documents and Settings\charlie wistner\Desktop\Google Chrome.lnk
[2010/08/31 07:33:58 | 000,002,343 | ---- | M] () -- D:\Documents and Settings\charlie wistner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/30 14:05:08 | 000,613,528 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/30 14:05:08 | 000,526,102 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/08/30 14:05:08 | 000,095,592 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/08/23 00:48:55 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/08/16 15:37:39 | 000,000,047 | ---- | M] () -- D:\WINDOWS\popcinfot.dat
[2010/08/14 21:53:10 | 000,271,784 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/27 18:13:02 | 000,000,040 | ---- | M] () -- D:\WINDOWS\popcinfo.dat

========== Files Created - No Company Name ==========

[2010/09/04 18:06:37 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 16:55:04 | 000,001,564 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/09/04 16:55:03 | 000,001,582 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2010/09/04 14:31:32 | 000,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/31 07:33:58 | 000,002,365 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Desktop\Google Chrome.lnk
[2010/08/31 07:33:58 | 000,002,343 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/31 07:32:32 | 000,001,022 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-152049171-725345543-1003UA.job
[2010/08/31 07:32:32 | 000,000,970 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-152049171-725345543-1003Core.job
[2010/08/14 23:22:57 | 000,000,422 | -H-- | C] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{EFF0C24E-FCB4-40B5-967E-E8DC1CF39403}.job
[2010/08/14 21:21:49 | 000,000,236 | ---- | C] () -- D:\WINDOWS\tasks\OGALogon.job
[2010/08/14 20:33:10 | 000,001,595 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/08/14 19:59:45 | 000,000,330 | -H-- | C] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/23 21:04:41 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Versabook.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/07/15 03:50:15 | 000,000,385 | ---- | C] () -- D:\WINDOWS\System32\MRT.INI
[2009/06/27 09:51:57 | 000,095,744 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/20 12:25:32 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\lxcfvs.dll
[2009/06/20 11:51:59 | 000,000,029 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2009/06/20 09:55:36 | 000,000,139 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Local Settings\Application Data\fusioncache.dat
[2009/06/15 09:20:05 | 000,000,034 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Application Data\pcouffin.log
[2009/06/15 09:19:50 | 000,087,608 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Application Data\inst.exe
[2009/06/15 09:19:50 | 000,007,887 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Application Data\pcouffin.cat
[2009/06/15 09:19:50 | 000,001,144 | ---- | C] () -- D:\Documents and Settings\charlie wistner\Application Data\pcouffin.inf
[2009/06/13 21:30:56 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/03/03 15:18:04 | 000,073,728 | ---- | C] () -- D:\WINDOWS\System32\RtNicProp32.dll
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2004/08/04 03:56:45 | 000,196,608 | ---- | C] () -- D:\WINDOWS\System32\slextspk.dll
[2004/08/04 01:41:42 | 000,322,948 | ---- | C] () -- D:\WINDOWS\System32\drivers\slntamr.sys
[2004/08/04 01:41:39 | 000,607,732 | ---- | C] () -- D:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/08/04 01:41:38 | 000,172,708 | ---- | C] () -- D:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/08/04 01:41:37 | 002,383,460 | ---- | C] () -- D:\WINDOWS\System32\drivers\mtlstrm.sys
[2001/11/29 20:10:36 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\amr_cpl.dll
[2001/08/23 08:00:00 | 000,755,200 | ---- | C] () -- D:\WINDOWS\System32\ir50_32.dll
[2001/08/23 08:00:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\ir41_qcx.dll
[2001/08/23 08:00:00 | 000,200,192 | ---- | C] () -- D:\WINDOWS\System32\ir50_qc.dll
[2001/08/23 08:00:00 | 000,183,808 | ---- | C] () -- D:\WINDOWS\System32\ir50_qcx.dll
[2001/08/23 08:00:00 | 000,120,320 | ---- | C] () -- D:\WINDOWS\System32\ir41_qc.dll

========== LOP Check ==========

[2010/08/14 19:54:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9
[2010/08/23 18:42:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IObit
[2010/09/03 18:49:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/11/15 19:12:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/11/11 14:04:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Temp
[2009/06/15 12:32:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/31 07:15:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\IObit
[2010/08/28 22:59:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\LimeWire
[2009/10/12 13:07:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\LimeWireTurbo
[2009/09/12 12:15:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\uTorrent
[2009/10/11 14:11:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\Vso
[2009/06/12 13:20:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\Windows Desktop Search
[2009/11/02 16:06:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\charlie wistner\Application Data\Windows Search
[2010/09/05 10:08:16 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/05 10:05:10 | 000,000,236 | ---- | M] () -- D:\WINDOWS\Tasks\OGALogon.job
[2010/09/05 10:06:39 | 000,000,444 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{99C63A55-C756-45F1-A42D-B33F79319137}.job
[2010/09/05 10:52:00 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{EFF0C24E-FCB4-40B5-967E-E8DC1CF39403}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/10/24 17:32:31 | 000,000,458 | -H-- | M] () -- D:\IPH.PH
[2010/09/04 18:46:28 | 000,029,667 | ---- | M] () -- D:\lxcf.log
[2009/06/20 12:25:15 | 000,000,275 | ---- | M] () -- D:\lxcffire.csv
[2009/06/20 12:25:52 | 000,000,144 | ---- | M] () -- D:\lxcfinst.csv
[2009/08/14 00:12:22 | 000,025,214 | ---- | M] () -- D:\moregames.ico
[2010/09/05 10:04:57 | 1962,934,272 | -HS- | M] () -- D:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 18:39:28 | 000,026,040 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 17:53:56 | 000,026,489 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 18:39:28 | 000,029,779 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 17:58:52 | 000,030,808 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/12 11:14:03 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/08/17 02:52:56 | 000,073,728 | ---- | M] (Lexmark International, Inc.) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\lxcfpp5c.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/06/12 04:01:14 | 000,090,112 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009/06/12 04:01:13 | 000,630,784 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009/06/12 04:01:13 | 000,413,696 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/06/12 12:49:27 | 000,000,272 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/12 13:00:05 | 000,000,177 | -HS- | M] () -- D:\Documents and Settings\charlie wistner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/06/12 11:22:25 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\charlie wistner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/06/20 12:24:06 | 027,061,329 | ---- | M] (Lexmark International, Inc. ) -- D:\Documents and Settings\charlie wistner\My Documents\lexmark 730 drivers.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/12 13:00:05 | 000,000,122 | -HS- | M] () -- D:\Documents and Settings\charlie wistner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/05 10:47:33 | 000,245,760 | ---- | M] () -- D:\Documents and Settings\charlie wistner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/27 01:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 18:24:18 | 000,004,821 | ---- | M] () -- D:\Program Files\Messenger\blogo.gif
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\custsat.dll
[2004/07/17 14:41:08 | 000,004,821 | ---- | M] () -- D:\Program Files\Messenger\logowin.gif
[2001/03/07 09:00:26 | 000,007,047 | ---- | M] () -- D:\Program Files\Messenger\lvback.gif
[2001/05/22 16:06:52 | 000,000,866 | ---- | M] () -- D:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2001/02/01 09:00:26 | 000,000,685 | ---- | M] () -- D:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/02 00:58:12 | 000,016,415 | ---- | M] () -- D:\Program Files\Messenger\msmsgsin.exe
[2004/07/17 14:41:08 | 000,002,882 | ---- | M] () -- D:\Program Files\Messenger\newalert.wav
[2004/07/17 14:41:08 | 000,006,156 | ---- | M] () -- D:\Program Files\Messenger\newemail.wav
[2004/07/17 14:41:08 | 000,006,160 | ---- | M] () -- D:\Program Files\Messenger\online.wav
[2000/12/05 16:10:32 | 000,004,454 | ---- | M] () -- D:\Program Files\Messenger\type.wav
[2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- D:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 20:31:44
< End of report >