MBAM Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4881
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/19/2010 8:04:30 AM
mbam-log-2010-10-19 (08-04-30).txt
Scan type: Quick scan
Objects scanned: 152671
Time elapsed: 10 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER Log
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-19 10:53:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afkyifow.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7437090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF74370A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF74370D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7437126]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF743707C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7437054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7437068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF74370BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF74370FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF74370E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7437150]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF743713C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7437110]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF68D7360, 0x20598D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20053
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20042
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F68
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F83
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20F9E
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F2D
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20075
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20EE6
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F01
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20ED5
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20025
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20064
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FAF
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FC0
.text C:\WINDOWS\system32\svchost.exe[372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F1C
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10F94
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10FA5
.text C:\WINDOWS\system32\svchost.exe[372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00FA1
.text C:\WINDOWS\system32\svchost.exe[372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FE3
.text C:\WINDOWS\system32\svchost.exe[372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FC6
.text C:\WINDOWS\system32\svchost.exe[372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[372] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[372] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[372] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[372] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00BE002F
.text C:\WINDOWS\system32\svchost.exe[372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F80FCD
.text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F79
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70064
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F8A
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70047
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70FC0
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F7009F
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F4D
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700D5
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700BA
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700F0
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70FA5
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7001B
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F5E
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F7002C
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FDB
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F3C
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60025
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60F9E
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60FAF
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60051
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60040
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50069
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50058
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FDE
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F5003D
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50018
.text C:\WINDOWS\System32\svchost.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\services.exe[1236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\services.exe[1236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DB002C
.text C:\WINDOWS\system32\services.exe[1236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB0011
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D90075
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D90064
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D90F80
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D9003D
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D90FB6
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D90F5E
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D9009A
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D900DC
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D90F4D
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D900ED
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D90F9B
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D90F6F
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D90022
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D90FDB
.text C:\WINDOWS\system32\services.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D900C1
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012C0FE5
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012C0F94
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012C002C
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012C001B
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012C0051
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012C000A
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012C0FAF
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4C, 89]
.text C:\WINDOWS\system32\services.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012C0FD4
.text C:\WINDOWS\system32\services.exe[1236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012B0049
.text C:\WINDOWS\system32\services.exe[1236] msvcrt.dll!system 77C293C7 5 Bytes JMP 012B0038
.text C:\WINDOWS\system32\services.exe[1236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012B0FE3
.text C:\WINDOWS\system32\services.exe[1236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012B0000
.text C:\WINDOWS\system32\services.exe[1236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012B0FC8
.text C:\WINDOWS\system32\services.exe[1236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012B001D
.text C:\WINDOWS\system32\services.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012A0000
.text C:\WINDOWS\system32\lsass.exe[1248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\lsass.exe[1248] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\lsass.exe[1248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B70FD4
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B60FE5
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B6005D
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B60F68
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60036
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60F83
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B6001B
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B6007F
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B60F43
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B600C6
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B600AB
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B60F12
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B60F94
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B6006E
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B60FAF
.text C:\WINDOWS\system32\lsass.exe[1248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B60090
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0051
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD00A2
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0025
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0091
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DD, 88]
.text C:\WINDOWS\system32\lsass.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\lsass.exe[1248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90FA1
.text C:\WINDOWS\system32\lsass.exe[1248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90FB2
.text C:\WINDOWS\system32\lsass.exe[1248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FCD
.text C:\WINDOWS\system32\lsass.exe[1248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\lsass.exe[1248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90022
.text C:\WINDOWS\system32\lsass.exe[1248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\lsass.exe[1248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C60025
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50F86
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C5007B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50F97
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50FA8
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50054
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C500BD
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C500AC
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F3F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C500E2
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C500FD
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C50F75
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C5002F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50FDE
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C50F5A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90F83
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C9001B
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F94
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FCD
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FDE
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80029
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80044
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C8000C
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70FEF
.text C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe[1408] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 004073E0 C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (KodakDigitalDisplayService/Orb Networks, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F20F94
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F20089
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F20FAF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F2006C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F20047
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F20F5C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F200A4
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F200FF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F200DA
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F20110
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F2001B
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F20F79
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F20036
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F20FE5
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F200BF
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FAF
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6002F
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60F72
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60F83
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60F9E
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50053
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FC8
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FE3
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50038
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F5001D
.text C:\WINDOWS\system32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F4000A
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 04B40FE5
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04B40FC3
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 04B40FD4
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04B3000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04B30073
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04B30062
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04B30051
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04B30F94
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 04B30FB9
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 04B30F59
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 04B300AB
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04B30F23
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04B300BC
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 04B300D7
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04B30036
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04B30FE5
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 04B30084
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 04B30FCA
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04B3001B
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 04B30F48
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04B20FAF
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04B20F68
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04B2000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04B20FD4
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04B20025
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04B20FE5
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 04B20F8D
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D2, 8C]
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04B20F9E
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 051E005D
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!system 77C293C7 5 Bytes JMP 051E0042
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 051E0016
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 051E0FEF
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 051E0027
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 051E0FDE
.text C:\WINDOWS\System32\svchost.exe[1508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 051D0000
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04B50FE5
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04B5000A
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 04B50FCA
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 04B5001B
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00640060
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00640F75
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00640F86
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00640F97
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00640F49
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00640091
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006400C0
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00640F27
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006400E5
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00640FA8
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00640F5A
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00640014
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00640F38
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00630F97
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00630054
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00630FB2
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [83, 88]
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!system 77C293C7 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00660FB5
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00660FE3
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00660FC6
.text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007E0040
.text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007E001B
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007D007D
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007D0F88
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007D0062
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007D0FAF
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007D0040
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007D0F57
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007D009F
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D00C1
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D0F28
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007D0F0D
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007D0051
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007D000A
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007D008E
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007D0025
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007D00B0
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007C0FC3
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007C004A
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007C0FD4
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007C0F8D
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007C0F9E
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9C, 88]
.text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007C002F
.text C:\WINDOWS\system32\svchost.exe[1600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00800FD2
.text C:\WINDOWS\system32\svchost.exe[1600] msvcrt.dll!system 77C293C7 5 Bytes JMP 0080005D
.text C:\WINDOWS\system32\svchost.exe[1600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00800FE3
.text C:\WINDOWS\system32\svchost.exe[1600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00800042
.text C:\WINDOWS\system32\svchost.exe[1600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00800011
.text C:\WINDOWS\system32\svchost.exe[1600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007F000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F81
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270FA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270065
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F4E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0027008A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F18
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700B1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700CC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F5F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F33
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036002F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F94
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360014
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360FA5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360040
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F8B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F9C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FB7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E0FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 009E0FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[1668] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[1668] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EA0FC3
.text C:\WINDOWS\system32\svchost.exe[1668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA0FD4
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E900C9
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E900AE
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E9006C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E900FC
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E900EB
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90132
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90FA3
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E9014D
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90091
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90025
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E900DA
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E9005B
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90121
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80FC3
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80043
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80014
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80F86
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E80FA1
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [08, 89]
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E80FB2
.text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EC003D
.text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC0022
.text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC0FCD
.text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EC0FBC
.text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EC0011
.text C:\WINDOWS\system32\svchost.exe[1668] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C80FD4
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20093
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20082
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20071
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20054
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FCD
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200D0
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C200BF
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F52
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200EB
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20106
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20FB2
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C200A4
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20025
.text C:\WINDOWS\Explorer.EXE[1772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F77
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C1001B
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C1006F
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10000
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10FC3
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10040
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00F7F
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00FAB
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00F9A
.text C:\WINDOWS\Explorer.EXE[1772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FD2
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1772] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\Explorer.EXE[1772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F70FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F70025
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F7000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F66
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60F81
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60F92
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FAF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60036
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F60091
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60076
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600B3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F60F24
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F09
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60047
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60F4B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60FC0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F6001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F600A2
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F5001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50F94
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50FAF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F50047
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F5002C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F40FA1
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F4002C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F40FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F40FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F40FBC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F40FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\svchost.exe[2380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[2380] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B90022
.text C:\WINDOWS\system32\svchost.exe[2380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80087
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F92
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8006C
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B8005B
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8004A
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F5C
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80098
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F1F
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F30
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B800D3
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80FC3
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F6D
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80039
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80FDE
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B80F41
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70F80
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FC0
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70047
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B70036
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7001B
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60FBE
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FE3
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60038
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60053
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B6001D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270084
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F85
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270FAC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270069
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FC7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700BC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F6A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700E1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F3E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700F2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270058
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270095
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027003D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F59
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F97
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360FA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036004A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037006E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370049
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370038
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02ACEF20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02ACEE00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02ACF060 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02ACF160 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01180000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0118001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0118002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01180FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3372] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01CF0FE5
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
OTL Log (there was not an extra.txt file created)
OTL logfile created on: 10/19/2010 10:56:13 AM - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 246.39 Gb Free Space | 88.16% Space Free | Partition Type: NTFS
Computer Name: OWNER-BE85EFF1C | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Kensington\Mouse\Amoumain.exe ()
PRC - C:\Program Files\Kensington\Keyboard\Ikeymain.exe ()
PRC - C:\WINDOWS\system32\hpoipm07.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe (Hewlett-Packard Co.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\Ikeyrfk8.dll ()
MOD - C:\WINDOWS\system32\Amhooker.dll ()
========== Win32 Services (SafeList) ==========
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (KodakDigitalDisplayService) -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks, Inc.)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (AE1000) -- C:\WINDOWS\system32\drivers\AE1000XP.sys (Ralink Technology, Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (zsi_fmw) -- C:\WINDOWS\system32\drivers\zsi_fmw.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (tandpl) -- C:\WINDOWS\system32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\WINDOWS\system32\drivers\enodpl.sys ()
DRV - (Amps2prt) -- C:\WINDOWS\system32\drivers\Amps2prt.sys ((Standard Mouse Types))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/19 08:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/09/25 16:45:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/10/07 06:21:08 | 000,000,000 | ---D | M]
[2010/10/17 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/17 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2008/04/11 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Sunbird\Profiles\4369zsjj.default\extensions
O1 HOSTS File: ([2010/09/04 07:51:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100921082533.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Kenkeybd] C:\Program Files\Kensington\Keyboard\Ikeymain.exe ()
O4 - HKLM..\Run: [KenMouse] C:\Program Files\Kensington\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} http://www.bxwa.com/...d/fastbidx1.cab (FastBid1 Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} http://www.bxwa.com/...bidx_plugin.cab (FastBid Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1214622308265 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/15 19:21:21 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 90 Days ==========
[2010/10/19 10:54:42 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/19 07:37:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/10/17 11:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2010/10/17 11:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/10/17 11:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/10/13 21:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Sprint
[2010/10/07 10:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2010/10/07 10:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2010/10/07 10:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/10/07 10:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/09/25 16:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/25 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/25 16:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/25 16:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2010/09/25 16:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/25 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/25 16:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/25 16:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/06 18:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/09/06 18:36:00 | 000,816,672 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\AE1000XP.sys
[2010/09/06 18:36:00 | 000,226,592 | R--- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2010/09/06 18:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/09/05 09:50:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/04 07:44:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/04 07:42:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/04 07:42:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/04 07:42:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/04 07:42:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/30 22:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ICRS Script
[2010/07/26 09:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Clear Water
========== Files - Modified Within 90 Days ==========
[2010/10/19 10:54:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/19 10:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/19 08:17:03 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/10/19 07:43:33 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/19 07:41:23 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/19 07:41:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/19 07:41:18 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/10/19 07:41:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/19 07:41:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/19 07:05:43 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1575E5B8-C6FF-466C-87E0-76174F62A760}.job
[2010/10/17 21:22:41 | 000,028,845 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/10/17 11:14:31 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/17 11:12:20 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.16.lnk
[2010/10/13 13:50:49 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/10/13 12:31:17 | 000,724,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:13:49 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/10/13 12:13:45 | 000,462,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/13 12:13:45 | 000,080,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/12 09:37:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/09 22:28:07 | 000,131,460 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/07 10:09:46 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/10/06 21:57:10 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\pages in time scrapbooks.biz
[2010/09/29 09:48:14 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 07:35:58 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Ways of Being.xls
[2010/09/21 16:14:14 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Meditate.doc
[2010/09/21 12:34:07 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/20 20:15:33 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FAMILY ORDER FORM.doc
[2010/09/12 19:03:15 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Fantasy Racing Yahoo 2010.xls
[2010/09/04 07:51:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/04 07:44:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/08/26 17:09:10 | 000,066,288 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\scripfamflyer.pdf
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/22 22:04:11 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\proj list MTjob.doc
[2010/08/22 10:29:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\August 22.doc
[2010/08/09 17:26:48 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
========== Files Created - No Company Name ==========
[2010/10/19 16:00:08 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/10/17 21:22:41 | 000,028,845 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/10/17 11:14:31 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/17 11:12:20 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.16.lnk
[2010/10/09 22:28:07 | 000,131,460 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/07 10:09:46 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/10/06 21:48:12 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\pages in time scrapbooks.biz
[2010/09/24 08:37:12 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Ways of Being.xls
[2010/09/21 12:34:07 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/21 09:51:22 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Meditate.doc
[2010/09/06 18:36:00 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/09/04 07:42:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/04 07:42:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/04 07:42:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/04 07:42:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/04 07:42:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 15:29:29 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FAMILY ORDER FORM.doc
[2010/08/26 17:09:10 | 000,066,288 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\scripfamflyer.pdf
[2010/08/22 21:51:40 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\proj list MTjob.doc
[2010/08/22 10:29:23 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\August 22.doc
[2010/08/09 17:51:37 | 000,003,009 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\BBMS_EXCEPTION.txt
[2010/08/09 17:26:48 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/01/03 18:57:21 | 000,034,176 | R--- | C] () -- C:\WINDOWS\System32\drivers\zsi_fmw.sys
[2009/09/01 18:06:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/27 18:24:27 | 000,002,634 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/06/27 18:23:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2007/10/22 19:35:54 | 000,000,158 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/08/26 19:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2006/10/16 16:29:16 | 000,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/02 18:01:39 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2006/09/02 18:01:39 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2006/06/08 20:59:30 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/07 11:16:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/07 11:00:22 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/07 10:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/03 21:06:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/04/03 21:06:27 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/04/03 13:06:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/10 03:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 03:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 03:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 03:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 03:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 03:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/10 03:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/08/19 11:08:46 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\Amsample.dll
[2003/07/07 07:49:30 | 000,095,046 | ---- | C] () -- C:\WINDOWS\System32\Amoures.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/20 18:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2002/09/06 01:43:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ikeyrfk8.dll
[2002/03/12 02:39:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Amhooker.dll
========== LOP Check ==========
[2008/06/29 09:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ace
[2009/01/13 19:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Browser
[2010/10/17 21:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2009/06/12 18:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KEDDS
[2009/03/20 09:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEGO Company
[2010/10/19 07:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/08/09 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2010/01/03 18:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sirius
[2009/06/12 18:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2009/01/04 18:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2006/12/21 19:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/09/06 18:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/03/04 15:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/06/12 18:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEDDS
[2007/09/25 17:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/11/12 20:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/06/12 18:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/07/19 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/09 17:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2006/12/21 19:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/10/20 17:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RTS 8.0
[2010/09/25 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/19 07:05:43 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1575E5B8-C6FF-466C-87E0-76174F62A760}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/01/15 19:21:21 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/08 20:50:29 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/09/04 07:44:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/04 07:54:35 | 000,130,064 | ---- | M] () -- C:\ComboFix.txt
[2006/04/03 20:20:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/04/03 20:20:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/02 22:30:52 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/04/03 20:20:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/27 20:53:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/19 07:41:02 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/06/27 10:25:02 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/27 17:11:41 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/06/27 10:25:02 | 027,787,264 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/27 10:25:02 | 004,456,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-13 19:02:47
< >
< >
< End of report >
Sign In
Create Account
