Sam,
Thanks so much for your help. I apologize for not responding sooner, but I have been having a heck of a time with gmer. The scan takes hours and then apparently shuts down everything when it is complete. I have notice at least for the first hour that the info that is showing all comes up in the first few minutes. I am giving up for the time being on the full report but I have copied and pasted what comes up in the first few minutes. OTL gets a rather bad rap around the internet, but I trust that you are legit and there will be no problems. Here are my OTL logs followed by what I could get out of GMER. I am not having troubles with my search since I got rid of RegRun, but I still have an ultra slow computer at least when I first open Mozilla or IE 7, so I am hoping that you may have some good suggestions.
OTL logfile created on: 12/6/2009 1:55:33 PM - Run 2
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.36 Mb Total Physical Memory | 106.75 Mb Available Physical Memory | 23.86% Memory free
1.03 Gb Paging File | 0.55 Gb Available in Paging File | 53.18% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.34 Gb Total Space | 87.88 Gb Free Space | 81.87% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 0.69 Gb Free Space | 15.56% Space Free | Partition Type: FAT32
Drive E: | 316.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CONFERENCE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2009/12/04 16:59:18 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/20 13:51:34 | 02,335,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/11/07 10:25:38 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/07 22:30:22 | 00,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2009/03/01 17:22:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/01 17:22:04 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/24 10:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 10:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/13 17:47:10 | 00,155,648 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/07/22 14:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/01/21 17:04:42 | 00,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
PRC - [2003/03/03 11:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
========== Modules (SafeList) ========== MOD - [2009/12/04 16:59:18 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:12:01 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 11:21:40 | 00,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
========== Win32 Services (SafeList) ========== SRV - File not found -- -- (McDetect.exe)
SRV - File not found -- -- (BackupClientSvc)
SRV - [2009/11/26 20:54:15 | 00,224,256 | ---- | M] () -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/01 17:22:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/24 10:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2005/09/03 16:21:26 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/07/22 14:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 21:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/09 18:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 11:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\S-1-5-21-285400561-1825411671-3093264262-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
http://www.yahoo.com/"FF - prefs.js..network.proxy.no_proxies_on: "local.,"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/21 20:24:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 14:14:41 | 00,000,000 | ---D | M]
[2009/09/30 18:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/06 09:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ebo8sx53.default\extensions
[2009/09/30 18:16:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe File not found
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-285400561-1825411671-3093264262-1003\..Trusted Domains: 9 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () -
http://www.coloacad.org/homeimages/spacer10.gifO24 - Desktop Components:1 () -
http://www.manpb.org/mariap.jpgO24 - Desktop Components:2 () -
http://www.frontierairlines.com/images/hom...contentwell.gifO24 - Desktop Components:3 () -
http://www.chase.com/ccpmweb/generic/image...inum_middle.jpgO24 - Desktop Components:4 () -
http://us.i1.yimg.com/us.yimg.com/i/mntl/s...q2/img_dads.jpgO24 - Desktop Components:5 () -
http://www.melaleuca.com/ps/images_us/splash_main03.jpgO24 - Desktop Components:6 () -
http://www.mackintoshacademy.com/elwebport...es/moutains.jpgO24 - Desktop Components:7 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/09 22:19:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/12/14 06:48:00 | 00,000,052 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4bd0b4e2-d66c-11d7-9a1c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4bd0b4e2-d66c-11d7-9a1c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4bd0b4e2-d66c-11d7-9a1c-806d6172696f}\Shell\AutoRun\command - "" = E:\PXRoute.exe -- [2007/03/02 09:11:41 | 00,094,208 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2001/01/03 06:53:33 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)
========== Files/Folders - Created Within 14 Days ========== [2009/12/04 16:59:03 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/04 09:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/12/03 19:07:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/29 23:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo
[2009/11/29 23:58:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\RestoreSafeDeleted
[2009/11/29 23:47:54 | 00,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/11/29 23:47:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\RegRun2
[2009/11/29 23:46:09 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009/11/29 10:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\confirmation.asp_files
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2009/12/06 01:42:16 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2009/12/04 20:08:05 | 00,015,483 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/04 20:06:56 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009/12/04 20:06:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/04 20:06:42 | 46,915,9936 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/04 20:06:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/04 17:19:50 | 00,284,153 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/12/04 16:59:18 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/04 10:52:42 | 00,000,406 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ChatLog New meeting 2009_12_04 10_52.rtf
[2009/12/04 10:02:52 | 00,002,162 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GoToMeeting Quick Connect.lnk
[2009/12/04 09:45:03 | 00,070,984 | ---- | M] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2009/12/03 20:11:52 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/03 20:11:52 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/03 20:11:42 | 08,582,612 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/12/03 19:07:34 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/12/03 18:56:20 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/12/03 07:47:17 | 00,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/12/02 21:23:21 | 00,055,668 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tiger.jpg
[2009/12/01 21:04:45 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nintendo game wishlist.doc
[2009/12/01 20:48:35 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mary's 2009 wishlist.doc
[2009/12/01 01:00:26 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/12/01 01:00:21 | 00,001,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2009/11/29 23:51:48 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/29 23:51:48 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/11/29 23:51:48 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/11/29 10:53:11 | 00,016,139 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\confirmation.asp.htm
[2009/11/29 09:08:38 | 00,463,872 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\INTERNET EXPLORER DISABLED.doc
[2009/11/28 11:28:29 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pop up blocker.doc
[2009/11/26 21:57:42 | 00,000,648 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/26 21:18:06 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RPCReminder.job
[2009/11/26 20:58:38 | 00,049,624 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/26 20:54:15 | 00,224,256 | ---- | M] () -- C:\WINDOWS\System32\sshnas.dll
[2009/11/26 20:51:27 | 00,196,608 | ---- | M] () -- C:\WINDOWS\MSA.del
[2009/11/26 09:14:15 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/25 01:02:36 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ========== [2009/12/06 01:42:16 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2009/12/04 17:21:22 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2009/12/04 17:19:48 | 00,284,153 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/12/04 10:52:41 | 00,000,406 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ChatLog New meeting 2009_12_04 10_52.rtf
[2009/12/04 10:02:52 | 00,002,162 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GoToMeeting Quick Connect.lnk
[2009/12/04 09:45:03 | 00,070,984 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2009/12/03 18:56:14 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/12/02 21:23:18 | 00,055,668 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tiger.jpg
[2009/12/01 21:04:45 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Nintendo game wishlist.doc
[2009/11/29 23:47:53 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009/11/29 23:46:52 | 00,054,498 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ShLog.txt
[2009/11/29 23:46:18 | 00,057,556 | ---- | C] () -- C:\WINDOWS\guard.bmp
[2009/11/29 10:53:05 | 00,016,139 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\confirmation.asp.htm
[2009/11/29 09:08:37 | 00,463,872 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\INTERNET EXPLORER DISABLED.doc
[2009/11/28 11:28:23 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pop up blocker.doc
[2009/11/26 20:54:15 | 00,224,256 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
[2009/11/26 20:51:39 | 00,196,608 | ---- | C] () -- C:\WINDOWS\MSA.del
[2009/11/20 14:15:27 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/08/22 10:22:44 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/06/08 16:14:13 | 00,001,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/05/29 08:17:53 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/05/29 08:17:53 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/12/16 14:00:49 | 00,000,036 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/29 07:18:31 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ariel_ss.ini
[2006/01/24 20:04:32 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/13 16:41:57 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/01/13 16:41:57 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/25 11:41:21 | 00,000,639 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/26 13:54:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/07/25 16:50:54 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/07/25 16:50:19 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2005/07/25 16:50:18 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2005/01/06 13:31:29 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/07/09 10:17:37 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/02 10:09:53 | 00,000,356 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2003/11/08 12:54:57 | 00,000,332 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/10/09 12:42:26 | 00,000,459 | ---- | C] () -- C:\WINDOWS\import.INI
[2003/09/11 20:11:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/03 12:25:00 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2003/09/03 12:25:00 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\sbaparam.dll
[2003/09/03 12:25:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\sbautils.dll
[2003/09/03 12:24:59 | 00,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2003/09/03 12:24:59 | 00,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2003/09/03 12:24:59 | 00,002,298 | ---- | C] () -- C:\WINDOWS\WINPOINT.INI
[2003/09/03 12:24:59 | 00,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2003/09/03 12:24:59 | 00,000,255 | ---- | C] () -- C:\WINDOWS\GrAdr16.ini
[2003/09/03 12:24:59 | 00,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2003/08/24 13:40:16 | 00,000,645 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/10 04:35:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 04:34:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/10 04:21:36 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 01:51:07 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:51:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/10 00:06:10 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 00:03:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 00:03:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/09 23:57:15 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 23:57:04 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 23:16:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/09 22:55:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/09 22:44:58 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/09 22:44:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/09 22:44:29 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/09 22:23:21 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 22:05:45 | 00,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/09 18:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/05/24 08:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 08:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/14 18:47:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
========== LOP Check ========== [2005/08/02 06:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.0 Setup
[2008/09/14 17:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/09/14 17:48:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2008/08/19 13:35:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/06/08 16:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/08/22 10:27:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/30 07:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/08/26 13:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/12/29 13:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/08/26 13:47:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2006/04/07 15:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VUG
[2009/04/16 20:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2003/04/10 04:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\interMute
[2003/04/09 23:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2003/04/10 00:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/01/24 20:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2006/12/16 22:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Axaware
[2008/09/15 17:57:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/08/09 12:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eFax Messenger
[2009/04/05 16:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\G7PS
[2009/11/14 19:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GOL_byHasbro
[2009/12/06 01:40:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2003/04/10 04:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/04/09 23:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/11/07 22:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2005/09/11 05:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/11/26 18:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherFree
[2005/09/27 15:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/03/13 08:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Owner
[2009/08/22 10:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2006/05/14 09:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2003/04/10 00:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2005/09/08 13:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2009/03/16 10:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPAMfighter
[2009/12/03 00:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/09/14 14:28:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VTExtra
[2009/08/01 14:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherDPA
[2009/11/15 01:24:13 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:26 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2007/05/30 13:52:43 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2009/12/04 20:06:56 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2009/11/26 21:18:06 | 00,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\RPCReminder.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2005/03/09 11:49:12 | 14,315,500 | ---- | M] (Multi-Link Computing ) -- C:\multi link computing databank backup install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[2004/08/04 00:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >[2004/08/04 00:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 >[2004/08/03 22:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/29 05:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 >[2004/08/03 23:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < %SYSTEMDRIVE%\viamraid.sys /s /md5 > < %SYSTEMDRIVE%\nvata.sys /s /md5 >< End of report >
OTL Extras logfile created on: 12/4/2009 5:01:00 PM - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.36 Mb Total Physical Memory | 135.16 Mb Available Physical Memory | 30.21% Memory free
1.03 Gb Paging File | 0.58 Gb Available in Paging File | 56.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.34 Gb Total Space | 87.90 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 0.69 Gb Free Space | 15.56% Space Free | Partition Type: FAT32
Drive E: | 316.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CONFERENCE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04214FC6-598A-4819-A1BC-7AC88242C437}" = eFax Messenger 4.0
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{237a4b22-78c2-11d6-a394-00104bd190b1}" = QuickBooks Pro Edition 2003
"{2555F283-A782-4F9F-829F-268A9B0F9CC1}" = POINT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}" = HP Memories Disc
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}" = iTunes
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6DD86DE9-1AE7-41B0-9326-1A90E32BAE88}" = Star Stable 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E6AE74-357C-4B33-8324-FDDC9997B4D1}" = Disney Princess Magical Dress-Up
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{85BC5C08-E73D-11D2-964D-444553540000}" = Point
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}" = Dr Watson for Microsoft Windows OneCare Live v1.0.0971.20
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D9952F01-1EBB-494B-AD8C-36BCA14B0FC4}" = POINT
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"3DGroove" = 3D Groove Playback Engine
"ACT!" = ACT!
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"BackWeb-137903 Uninstaller" = Updates from HP
"Barbie Beauty Boutique CD-ROM" = Barbie Beauty Boutique CD-ROM
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DJ Music Mixer" = DJ Music Mixer
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20091102 code)
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"HPTOOLKIT" = toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}" = iTunes
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"MailWasher Free_is1" = MailWasher Free 6.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nonosweeper_is1" = Nonosweeper v1.33
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"PhotoShow Express" = PhotoShow Express
"RealPlayer 6.0" = RealOne Player
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-285400561-1825411671-3093264262-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Five9 Agent" = Five9 Agent
"Five9 Supervisor" = Five9 Supervisor
"GoToMeeting" = GoToMeeting 4.1.0.366
"Play65" = Play65
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 11/30/2009 3:09:06 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Error - 11/30/2009 3:09:06 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error - 11/30/2009 3:17:22 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Error - 11/30/2009 3:18:46 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Error - 11/30/2009 3:18:46 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error - 11/30/2009 3:18:46 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error - 11/30/2009 3:18:46 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error - 11/30/2009 3:19:42 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Error - 11/30/2009 3:19:42 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error - 11/30/2009 4:00:14 AM | Computer Name = CONFERENCE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: An internal certificate chaining error has occurred.
[ System Events ]
Error - 12/4/2009 8:06:43 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:49 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:49 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:49 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:53 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:53 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:53 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:57 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:57 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
Error - 12/4/2009 8:06:57 PM | Computer Name = CONFERENCE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058
< End of report >
gmer report after 10 minutes-
GMER 1.0.15.15252 -
http://www.gmer.netRootkit scan 2009-12-06 14:20:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfdcraob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC7AE78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEC7AE821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEC7AE738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEC7AE74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEC7AE835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEC7AE861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEC7AE8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEC7AE8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC7AE7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEC7AE8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEC7AE80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEC7AE710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEC7AE724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC7AE79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEC7AE937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEC7AE8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEC7AE88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEC7AE84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEC7AE923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEC7AE90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEC7AE776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEC7AE762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEC7AE877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEC7AE7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEC7AE8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC7AE7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC7AE7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 80515A6A 7 Bytes JMP EC7AE7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BF4 5 Bytes JMP EC7AE811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80573037 7 Bytes JMP EC7AE891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057791D 5 Bytes JMP EC7AE825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80578A14 7 Bytes JMP EC7AE93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 7 Bytes JMP EC7AE8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP EC7AE78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC0 5 Bytes JMP EC7AE766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF1 5 Bytes JMP EC7AE7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E369 7 Bytes JMP EC7AE7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581702 5 Bytes JMP EC7AE714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581889 7 Bytes JMP EC7AE7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8058228C 7 Bytes JMP EC7AE87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80587693 7 Bytes JMP EC7AE8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP EC7AE750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP EC7AE7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80591F8B 7 Bytes JMP EC7AE865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80593334 7 Bytes JMP EC7AE839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0470 5 Bytes JMP EC7AE73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1941 5 Bytes JMP EC7AE728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E2197 5 Bytes JMP EC7AE8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635977 5 Bytes JMP EC7AE77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DE6 7 Bytes JMP EC7AE8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8065570C 7 Bytes JMP EC7AE8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655B88 7 Bytes JMP EC7AE84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8065607D 5 Bytes JMP EC7AE913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564E8 5 Bytes JMP EC7AE927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF75C0A0C]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01CF0FE5
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01CF007F
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01CF0F8A
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01CF0064
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01CF003D
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01CF0FA5
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01CF00BC
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01CF00AB
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01CF00CD
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01CF0F34
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01CF00E8
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01CF002C
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01CF0000
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01CF0090
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01CF0FC0
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01CF0011
.text C:\WINDOWS\Explorer.EXE[552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01CF0F4F
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01CE0040
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01CE006C
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01CE0FEF
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01CE0025
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01CE0FAF
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01CE0000
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01CE0FC0
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EE, 89]
.text C:\WINDOWS\Explorer.EXE[552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01CE0051
.text C:\WINDOWS\Explorer.EXE[552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01CD0FB7
.text C:\WINDOWS\Explorer.EXE[552] msvcrt.dll!system 77C293C7 5 Bytes JMP 01CD0FD2
.text C:\WINDOWS\Explorer.EXE[552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01CD001D
.text C:\WINDOWS\Explorer.EXE[552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01CD0000
.text C:\WINDOWS\Explorer.EXE[552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01CD0038
.text C:\WINDOWS\Explorer.EXE[552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01CD0FE3
.text C:\WINDOWS\Explorer.EXE[552] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01AF0000
.text C:\WINDOWS\Explorer.EXE[552] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01AF0011
.text C:\WINDOWS\Explorer.EXE[552] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01AF0022
.text C:\WINDOWS\Explorer.EXE[552] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01AF0FC7
.text C:\WINDOWS\Explorer.EXE[552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B00000
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F8D
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0082
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF005B
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00B8
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF009D
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F26
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00C9
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F15
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0F7C
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0F55
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DE001B
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DE0F5E
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DE0FC0
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DE0FDB
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DE0F79
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DE0000
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DE0F8A
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FE, 88]
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DE0FAF
.text C:\WINDOWS\system32\services.exe[716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD0FAB
.text C:\WINDOWS\system32\services.exe[716] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD0036
.text C:\WINDOWS\system32\services.exe[716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\services.exe[716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\services.exe[716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD0FBC
.text C:\WINDOWS\system32\services.exe[716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0FD7
.text C:\WINDOWS\system32\services.exe[716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FEF
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020F5C
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020F77
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020051
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020F94
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020036
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020089
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020F41
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020EF0
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01020F01
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01020EDF
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020FAF
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0102006C
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020FCA
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020011
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020F26
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01010FDB
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0101006F
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0101002C
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01010011
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01010FA8
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01010000
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01010FB9
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [21, 89]
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01010FCA
.text C:\WINDOWS\system32\lsass.exe[728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF003D
.text C:\WINDOWS\system32\lsass.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FB2
.text C:\WINDOWS\system32\lsass.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0022
.text C:\WINDOWS\system32\lsass.exe[728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\lsass.exe[728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\lsass.exe[728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B4005B
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40F66
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40F83
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40FA8
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B40F3A
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40076
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B40F15
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B400AE
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B400C9
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B40025
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B40F55
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B40FB9
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B4009D
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B3002C
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B30FA8
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B30FE5
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B30FB9
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B30FCA
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D3, 88]
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B30051
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B2002C
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20FA1
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FD7
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FBC
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20011
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30F68
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30067
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30F83
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30F9E
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30F4B
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E30093
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300E4
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E300D3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E30F3A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E30078
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E300AE
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E20FB9
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E20F8D
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E20FCA
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E20FA8
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E20040
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E2002F
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10FC1
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E10FD2
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E1001D
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10038
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00000
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03900000
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03900F91
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03900090
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03900073
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03900FB6
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03900047
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03900F5E
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03900F6F
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03900F32
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 039000D5
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 039000E6
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03900062
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03900FE5
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03900F80
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03900036
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0390001B
.text C:\WINDOWS\System32\svchost.exe[992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03900F4D
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 038F0FC3
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 038F006F
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 038F0FD4
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 038F000A
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 038F0054
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 038F0FEF
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 038F0FB2
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AF, 8B]
.text C:\WINDOWS\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 038F002F
.text C:\WINDOWS\System32\svchost.exe[992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 038E0033
.text C:\WINDOWS\System32\svchost.exe[992] msvcrt.dll!system 77C293C7 5 Bytes JMP 038E0FB2
.text C:\WINDOWS\System32\svchost.exe[992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 038E0FD4
.text C:\WINDOWS\System32\svchost.exe[992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 038E000C
.text C:\WINDOWS\System32\svchost.exe[992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 038E0FC3
.text C:\WINDOWS\System32\svchost.exe[992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 038E0FEF
.text C:\WINDOWS\System32\svchost.exe[992] WS2_32.dll!socket 71AB4211 5 Bytes JMP 038D0000
.text C:\WINDOWS\System32\svchost.exe[992] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 038B0FEF
.text C:\WINDOWS\System32\svchost.exe[992] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 038B0FD4
.text C:\WINDOWS\System32\svchost.exe[992] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 038B000A
.text C:\WINDOWS\System32\svchost.exe[992] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 038B001B
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0000
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B0F37
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B002C
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B0F52
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0F6F
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B0F94
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B007F
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B0058
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B0F01
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B0F12
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007B0EE6
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007B001B
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007B0047
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007B0FB9
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007B009A
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007A0FAF
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007A0F79
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007A0FCA
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007A0036
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007A001B
.text C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007A0F9E
.text C:\WINDOWS\System32\svchost.exe[1092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0079005F
.text C:\WINDOWS\System32\svchost.exe[1092] msvcrt.dll!system 77C293C7 5 Bytes JMP 00790044
.text C:\WINDOWS\System32\svchost.exe[1092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00790033
.text C:\WINDOWS\System32\svchost.exe[1092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00790000
.text C:\WINDOWS\System32\svchost.exe[1092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00790FDE
.text C:\WINDOWS\System32\svchost.exe[1092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00790FEF
.text C:\WINDOWS\System32\svchost.exe[1092] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780FEF
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0000
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0098
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0FAD
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C007D
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0047
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F7C
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C00C4
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0F57
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00F0
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C0F3C
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C006C
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0011
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C00B3
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0036
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00DF
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B002C
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0062
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B001B
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0051
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0000
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FA5
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FC0
.text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0FAD
.text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0042
.text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FE3
.text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FC8
.text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A001D
.text C:\WINDOWS\System32\svchost.exe[1164] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB00B3
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB00A2
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0091
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0080
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB005B
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F7E
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00C4
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0117
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0106
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0132
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F99
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0036
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0025
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00EB
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FB9
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093005B
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930014
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FDE
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930040
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093002F
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FA8
.text C:\WINDOWS\System32\svchost.exe[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F86
.text C:\WINDOWS\System32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 0092001B
.text C:\WINDOWS\System32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC6
.text C:\WINDOWS\System32\svchost.exe[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FB5
.text C:\WINDOWS\System32\svchost.exe[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FE3
.text C:\WINDOWS\System32\svchost.exe[1744] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[1744] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FE5
.text C:\WINDOWS\System32\svchost.exe[1744] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900025
.text C:\WINDOWS\System32\svchost.exe[1744] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40000
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40056
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40045
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F6B
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F7C
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FA8
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A4009F
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A4008E
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400CB
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40F32
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A400DC
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40F8D
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40071
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\System32\svchost.exe[2052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A400BA
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F94
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30025
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30000
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A30051
.text C:\WINDOWS\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30040
.text C:\WINDOWS\System32\svchost.exe[2052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20069
.text C:\WINDOWS\System32\svchost.exe[2052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20044
.text C:\WINDOWS\System32\svchost.exe[2052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20029
.text C:\WINDOWS\System32\svchost.exe[2052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\System32\svchost.exe[2052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\System32\svchost.exe[2052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A2000C
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F7006E
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F7005D
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F83
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70F94
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7001B
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F26
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F37
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700BF
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700AE
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700DA
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70040
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70FDB
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F5E
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70FAF
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FC0
.text C:\Program Files\Messenger\msmsgs.exe[2072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70089
.text C:\Program Files\Messenger\msmsgs.exe[2072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50038
.text C:\Program Files\Messenger\msmsgs.exe[2072] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FAD
.text C:\Program Files\Messenger\msmsgs.exe[2072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FD2
.text C:\Program Files\Messenger\msmsgs.exe[2072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50000
.text C:\Program Files\Messenger\msmsgs.exe[2072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F5001D
.text C:\Program Files\Messenger\msmsgs.exe[2072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FE3
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FC0
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60058
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FD1
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60011
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60F9B
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60000
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60047
.text C:\Program Files\Messenger\msmsgs.exe[2072] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F6002C
.text C:\Program Files\Messenger\msmsgs.exe[2072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\Program Files\Messenger\msmsgs.exe[2072] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E10FEF
.text C:\Program Files\Messenger\msmsgs.exe[2072] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E10FCA
.text C:\Program Files\Messenger\msmsgs.exe[2072] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E10000
.text C:\Program Files\Messenger\msmsgs.exe[2072] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E10FAF
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)