
Search Engine Redirect



#1 maddab79


Posted 12 February 2011 - 07:43 PM

I have been infected by some type of malware that redirects my search engine. When I search Google, for example, and I click on one of the links, I am redirected to some random page such as Sedonainstaller. The post was too long, so I will follow this up with the scans.

Thanks, Mark

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-13 01:32:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\uwtdapoc.sys


.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DC0FDE
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DC0014
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00DC002F
.text C:\WINDOWS\system32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[1904] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[1904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EE002C
.text C:\WINDOWS\system32\svchost.exe[1904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE001B
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0082
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0F8D
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF0F57
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F72
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F3C
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00D5
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F2B
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF005B
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF009D
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF00BA
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE005B
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE004A
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FE0FA8
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 89]
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F10FA6
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10FC1
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F10027
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10FD2
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FE3
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EF0FD4
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EF0FC3
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00EF0FA8
.text C:\WINDOWS\system32\svchost.exe[1904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\System32\svchost.exe[1948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 04D20FEF
.text C:\WINDOWS\System32\svchost.exe[1948] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04D20011
.text C:\WINDOWS\System32\svchost.exe[1948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 04D20000
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04D10FEF
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04D10F9E
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04D10FAF
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04D10089
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04D1006C
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 04D10036
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 04D10F7C
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 04D10F8D
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04D10F61
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04D100F0
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 04D1010B
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04D10051
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04D1000A
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 04D100B8
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 04D10FD4
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04D10025
.text C:\WINDOWS\System32\svchost.exe[1948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 04D100DF
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04DA002C
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04DA0073
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04DA0FDB
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04DA0011
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04DA0062
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04DA0000
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 04DA0FC0
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FA, 8C]
.text C:\WINDOWS\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04DA0047
.text C:\WINDOWS\System32\svchost.exe[1948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04D90FB9
.text C:\WINDOWS\System32\svchost.exe[1948] msvcrt.dll!system 77C293C7 5 Bytes JMP 04D9003A
.text C:\WINDOWS\System32\svchost.exe[1948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04D90018
.text C:\WINDOWS\System32\svchost.exe[1948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04D90FEF
.text C:\WINDOWS\System32\svchost.exe[1948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04D90029
.text C:\WINDOWS\System32\svchost.exe[1948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04D90FDE
.text C:\WINDOWS\System32\svchost.exe[1948] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04D70000
.text C:\WINDOWS\System32\svchost.exe[1948] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04D70011
.text C:\WINDOWS\System32\svchost.exe[1948] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 04D70FE5
.text C:\WINDOWS\System32\svchost.exe[1948] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 04D70036
.text C:\WINDOWS\System32\svchost.exe[1948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 04D8000A
.text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008C001B
.text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00B5
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A009A
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0089
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00E1
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00D0
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0114
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0103
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0125
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A006C
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00F2
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008F0036
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008F0087
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008F0011
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008F0FDB
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008F006C
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008F0FCA
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AF, 88]
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008F0047
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E0FD2
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E005D
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0027
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0042
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 008D0FC3
.text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 008D0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\system32\wuauclt.exe[2044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090014
.text C:\WINDOWS\system32\wuauclt.exe[2044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FDE
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001E000A
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001E0F72
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001E0071
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001E004A
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001E0F8D
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001E0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001E00A9
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001E0F61
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001E00D8
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001E0F3F
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001E00F3
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001E0FA8
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001E008C
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001E0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001E001B
.text C:\WINDOWS\system32\wuauclt.exe[2044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001E0F50
.text C:\WINDOWS\system32\wuauclt.exe[2044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0FC3
.text C:\WINDOWS\system32\wuauclt.exe[2044] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D004E
.text C:\WINDOWS\system32\wuauclt.exe[2044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D002C
.text C:\WINDOWS\system32\wuauclt.exe[2044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0000
.text C:\WINDOWS\system32\wuauclt.exe[2044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D003D
.text C:\WINDOWS\system32\wuauclt.exe[2044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0011
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002E0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002E0076
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002E001B
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002E005B
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002E0000
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002E0040
.text C:\WINDOWS\system32\wuauclt.exe[2044] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002E0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2044] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2044] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2044] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 008F000A
.text C:\WINDOWS\system32\wuauclt.exe[2044] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 008F001B
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[2492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\System32\svchost.exe[2492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE001B
.text C:\WINDOWS\System32\svchost.exe[2492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD004E
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD003D
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0F6F
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0F80
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0022
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD006B
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0F23
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD0090
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0EF7
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0EDC
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0F91
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0000
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F3E
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0011
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FCA
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0F12
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 001A0062
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010E0FD4
.text C:\WINDOWS\System32\svchost.exe[2492] msvcrt.dll!system 77C293C7 5 Bytes JMP 010E0069
.text C:\WINDOWS\System32\svchost.exe[2492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010E0033
.text C:\WINDOWS\System32\svchost.exe[2492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\System32\svchost.exe[2492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010E004E
.text C:\WINDOWS\System32\svchost.exe[2492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010E0018
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00FF0014
.text C:\WINDOWS\System32\svchost.exe[2492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010D000A
.text C:\WINDOWS\system32\svchost.exe[2988] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[2988] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EB002C
.text C:\WINDOWS\system32\svchost.exe[2988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA007D
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA006C
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA005B
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0F9E
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0025
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F50
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA0098
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA00CE
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F35
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA00DF
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0036
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA0FE5
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA0F6D
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA0FC3
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA0FD4
.text C:\WINDOWS\system32\svchost.exe[2988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA00B3
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF002C
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F9B
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FDB
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0011
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF004E
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0FB6
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text C:\WINDOWS\system32\svchost.exe[2988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF003D
.text C:\WINDOWS\system32\svchost.exe[2988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0027
.text C:\WINDOWS\system32\svchost.exe[2988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0F92
.text C:\WINDOWS\system32\svchost.exe[2988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE000C
.text C:\WINDOWS\system32\svchost.exe[2988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FE3
.text C:\WINDOWS\system32\svchost.exe[2988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FB7
.text C:\WINDOWS\system32\svchost.exe[2988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FD2
.text C:\WINDOWS\system32\svchost.exe[2988] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\svchost.exe[2988] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[2988] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\svchost.exe[2988] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\svchost.exe[2988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[3344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[3344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E80025
.text C:\WINDOWS\system32\svchost.exe[3344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E8000A
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70078
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E70F83
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E7005D
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E70FA8
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E700B5
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E700A4
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E700DA
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E70F41
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E70F30
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E70FE5
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E70093
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E70FB9
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E70FD4
.text C:\WINDOWS\system32\svchost.exe[3344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E70F5C
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EB0051
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EB007D
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EB002C
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EB0FC0
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0B, 89]
.text C:\WINDOWS\system32\svchost.exe[3344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EB006C
.text C:\WINDOWS\system32\svchost.exe[3344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0053
.text C:\WINDOWS\system32\svchost.exe[3344] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA0038
.text C:\WINDOWS\system32\svchost.exe[3344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA000C
.text C:\WINDOWS\system32\svchost.exe[3344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[3344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA0027
.text C:\WINDOWS\system32\svchost.exe[3344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA0FDE
.text C:\WINDOWS\system32\svchost.exe[3344] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[3344] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[3344] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E90FCA
.text C:\WINDOWS\system32\svchost.exe[3344] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\Explorer.EXE[4040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\Explorer.EXE[4040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FC3
.text C:\WINDOWS\Explorer.EXE[4040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FD4
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001D000A
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001D0F99
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001D0FB4
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001D0FC5
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001D008E
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001D0062
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001D0F77
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001D00BF
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001D0F44
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001D0F55
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001D0F33
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001D0073
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001D001B
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001D0F88
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001D0047
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001D0036
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001D0F66
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C006C
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C005B
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002C0036
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FAF
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0042
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0FB7
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D0FD2
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0000
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D0027
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0FE3
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002F0FEF
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002F0FDE
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002F0014
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 002F002F
.text C:\WINDOWS\Explorer.EXE[4040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B50FEF
.text C:\Program Files\Messenger\msmsgs.exe[4880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00080FE5
.text C:\Program Files\Messenger\msmsgs.exe[4880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00080FD4
.text C:\Program Files\Messenger\msmsgs.exe[4880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00080000
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001D0000
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001D00BA
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001D0FBB
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001D0095
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001D007A
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001D004E
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001D00DC
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001D00CB
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001D0119
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001D00FE
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001D0134
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001D0069
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001D0011
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001D0FA0
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001D003D
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001D002C
.text C:\Program Files\Messenger\msmsgs.exe[4880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001D00ED
.text C:\Program Files\Messenger\msmsgs.exe[4880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002C0FAD
.text C:\Program Files\Messenger\msmsgs.exe[4880] msvcrt.dll!system 77C293C7 5 Bytes JMP 002C0FBE
.text C:\Program Files\Messenger\msmsgs.exe[4880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002C0038
.text C:\Program Files\Messenger\msmsgs.exe[4880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002C0000
.text C:\Program Files\Messenger\msmsgs.exe[4880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002C0FD9
.text C:\Program Files\Messenger\msmsgs.exe[4880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002C001D
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002D0FCA
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002D0F7C
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002D0FE5
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002D001B
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002D0F8D
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002D000A
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002D0FA8
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4D, 88]
.text C:\Program Files\Messenger\msmsgs.exe[4880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002D0FB9
.text C:\Program Files\Messenger\msmsgs.exe[4880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 002E0FEF
.text C:\Program Files\Messenger\msmsgs.exe[4880] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002F0000
.text C:\Program Files\Messenger\msmsgs.exe[4880] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002F0FEF
.text C:\Program Files\Messenger\msmsgs.exe[4880] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002F0FDE
.text C:\Program Files\Messenger\msmsgs.exe[4880] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 002F002F
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002D0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002D0F83
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002D0078
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002D0F94
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002D0047
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002D0FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002D0F4B
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002D0093
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002D00AE
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002D0F15
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002D00C9
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002D002C
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002D0F72
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002D0FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002D0011
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002D0F30
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003C0039
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003C0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003C0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003C0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003C006F
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003C0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 003C0FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5C, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003C0054
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003D0042
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] msvcrt.dll!system 77C293C7 5 Bytes JMP 003D0031
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003D0FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003D0FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003D0FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 002B7087
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 002B6E8B
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00580000
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!send 71AB4C27 5 Bytes JMP 002B6A13
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 002B6C10
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!recv 71AB676F 5 Bytes JMP 002B6A86
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 002B6B61
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BA0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BA0025
.text C:\Program Files\Internet Explorer\iexplore.exe[7056] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00BA0040
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015001B
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002D0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002D0F4F
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002D0044
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002D0033
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002D0F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002D0F06
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002D0F17
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002D0EDA
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002D0EEB
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002D008E
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002D0011
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002D0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002D0F34
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002D0FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002D0069
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003C001B
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003C003D
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003C0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003C0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003C0F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003C0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 003C002C
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003C0FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003D003D
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] msvcrt.dll!system 77C293C7 5 Bytes JMP 003D0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003D0FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003D0011
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 002B7087
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 002B6E8B
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00580FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 002B6A13
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 002B6C10
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 002B6A86
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 002B6B61
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BA0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BA001B
.text C:\Program Files\Internet Explorer\iexplore.exe[7148] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00BA0FCA

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A035AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A035AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A035AF1

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs A64C2400
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1200BEVS-22UST0___________________01.01A01#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 70
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 66

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 234441392 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\termdd.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mark at 1:21:54.29 on Sun 02/13/2011
internet explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2017 [GMT 1:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dleecoms.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Dell V715w\ezprint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell V715w\dleemon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Mark\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\MZCOTP80\dds[1].scr

============== Running Processes ===============

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dleecoms.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Dell V715w\ezprint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell V715w\dleemon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Mark\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\MZCOTP80\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 0 (0x0)
Disable Script Debugger REG_SZ yes
Search Bar REG_SZ http://www.google.com/ie
Use Custom Search URL REG_DWORD 0 (0x0)
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.google.com
Enable Browser Extensions REG_SZ yes
Use Search Asst REG_SZ no
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY 9ad1431f45bbca01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY 3ebac77c88aaca01
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
DisableScriptDebuggerIE REG_SZ yes
Page_Transitions REG_DWORD 1 (0x1)
UseThemes REG_DWORD 1 (0x1)
Force Offscreen Composition REG_DWORD 0 (0x0)
SmoothScroll REG_DWORD 1 (0x1)
Enable AutoImageResize REG_SZ yes
Show image placeholders REG_DWORD 0 (0x0)
Print_Background REG_SZ no
DOMStorage REG_DWORD 1 (0x1)
StatusBarWeb REG_DWORD 1 (0x1)
SearchControlWidth REG_DWORD 300 (0x12c)
ForceGDIPlus REG_DWORD 0 (0x0)
SuppressScriptDebuggerDialog REG_DWORD 0 (0x0)
CSS_Compat REG_SZ doctype
Display Inline Videos REG_DWORD 1 (0x1)
Use Stylesheets REG_DWORD 1 (0x1)
UseHR REG_DWORD 0 (0x0)
Q300829 REG_DWORD 0 (0x0)
Cleanup HTCs REG_DWORD 0 (0x0)
XDomainRequest REG_DWORD 1 (0x1)
IE8TourNoShow REG_DWORD 0 (0x0)
FrameTabWindow REG_DWORD 1 (0x1)
AdminTabProcs REG_DWORD 1 (0x1)
SessionMerging REG_DWORD 1 (0x1)
FrameMerging REG_DWORD 1 (0x1)
HangResistantFrame REG_DWORD 0 (0x0)
TabShutdownDelay REG_DWORD 60000 (0xea60)
FrameShutdownDelay REG_DWORD 0 (0x0)
FullScreen REG_SZ no
Window_Placement REG_BINARY 2c0000000000000001000000ffffffffffffffffffffffffffffffff2c0000002c0000004c03000066020000
CompatibilityFlags REG_DWORD 0 (0x0)
Start Page Redirect Cache_TIMESTAMP REG_BINARY 26eb4c7088aaca01
Start Page Redirect Cache AcceptLangs REG_SZ en-us
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 78d0051745bbca01
NotifyDownloadComplete REG_SZ yes
HistoryViewType REG_BINARY 08006663030000000000
HistoryTopNSitesView REG_DWORD 20 (0x14)
ControlTooltipCount REG_DWORD 2 (0x2)
Check_Associations REG_SZ no
NscSingleExpand REG_DWORD 0 (0x0)
Error Dlg Displayed On Every Error REG_SZ no
EnableSearchPane REG_DWORD 0 (0x0)
AllowWindowReuse REG_DWORD 1 (0x1)
Friendly http errors REG_SZ no
AutoSearch REG_DWORD 4 (0x4)
AutoHide REG_SZ yes
Error Dlg Details Pane Open REG_SZ no
FormSuggest PW Ask REG_SZ no
Save Directory REG_SZ c:\Documents and Settings\Mark\My Documents\My Dropbox\Personal\Trying to Figure Out My Lifee\
Use FormSuggest REG_SZ Yes

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\FeatureControl

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Touch

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 5.50.4134.100
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
StatusBarWeb REG_DWORD 1 (0x1)
SearchControlWidth REG_DWORD 300 (0x12c)
ForceGDIPlus REG_DWORD 0 (0x0)
DEPOff REG_DWORD 0 (0x0)
MaxRenderLine REG_DWORD 4000 (0xfa0)
UseClearType REG_SZ yes
Page_Transitions REG_DWORD 1 (0x1)
Use_DlgBox_Colors REG_SZ yes
Anchor Underline REG_SZ yes
Display Inline Images REG_SZ yes
Display Inline Videos REG_DWORD 1 (0x1)
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Print_Background REG_SZ no
SmoothScroll REG_DWORD 1 (0x1)
XMLHTTP REG_DWORD 1 (0x1)
Show image placeholders REG_DWORD 0 (0x0)
Disable Script Debugger REG_SZ yes
Enable AutoImageResize REG_SZ yes
XDomainRequest REG_DWORD 1 (0x1)
DOMStorage REG_DWORD 1 (0x1)
IE8RunOnceLastShown REG_DWORD 0 (0x0)
IE8RunOncePerInstallCompleted REG_DWORD 0 (0x0)
IE8TourNoShow REG_DWORD 0 (0x0)
IE8TourShown REG_DWORD 0 (0x0)
FrameTabWindow REG_DWORD 1 (0x1)
AdminTabProcs REG_DWORD 1 (0x1)
SessionMerging REG_DWORD 1 (0x1)
FrameMerging REG_DWORD 1 (0x1)
HangResistantFrame REG_DWORD 0 (0x0)
TabShutdownDelay REG_DWORD 60000 (0xea60)
FrameShutdownDelay REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\WindowsSearch

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EnableNegotiate REG_DWORD 1 (0x1)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
ProxyEnable REG_DWORD 0 (0x0)
GlobalUserOffline REG_DWORD 0 (0x0)
PrivDiscUiShown REG_DWORD 1 (0x1)
EnableAutodial REG_DWORD 0 (0x0)
UrlEncoding REG_DWORD 0 (0x0)
SecureProtocols REG_DWORD 40 (0x28)
ZonesSecurityUpgrade REG_BINARY d6aa7098827cca01
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 0 (0x0)
ProxyHttp1.1 REG_DWORD 1 (0x1)
ShowPunycode REG_DWORD 0 (0x0)
EnablePunycode REG_DWORD 1 (0x1)
DisableIDNPrompt REG_DWORD 0 (0x0)
CertificateRevocation REG_DWORD 0 (0x0)
WarnonBadCertRecving REG_DWORD 1 (0x1)
WarnOnPostRedirect REG_DWORD 1 (0x1)
CreateUriCacheSize REG_DWORD 80 (0x50)
CoInternetCombineIUriCacheSize REG_DWORD 80 (0x50)
SecurityIdIUriCacheSize REG_DWORD 30 (0x1e)
SpecialFoldersCacheSize REG_DWORD 8 (0x8)
WarnOnIntranet REG_DWORD 0 (0x0)
ProxyOverride REG_SZ *.local

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Http Filters

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Protocols

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\TemplatePolicies

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Url History

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\internet explorer\search does not exist!


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
SearchAssistant REG_SZ http://www.google.com/ie
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: .default\software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Mark
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Mark
AltDefaultDomainName REG_SZ LAPTOP
DefaultDomainName REG_SZ LAPTOP
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp
BuildNumber REG_DWORD 2600 (0xa28)

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
load REG_SZ
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Device REG_SZ Dell V715w (Network),winspool,Ne04:
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0941C58F-E461-4E03-BD7D-44C27392ADE1} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2ED2390A-E6F6-F895-FE75-013E2D97184A} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: NoExplorer - No File
urun: [swg] "c:\Program Files\Google\GoogleToolbarNotifiere\GoogleToolbarNotifier.exe"
urun: [WxZXSgYvbmo] c:\Documents and Settings\All Users\Application Datae\WxZXSgYvbmo.exe
urun: [TOSCDSPD] c:\Program Files\TOSHIBA\TOSCDSPDe\toscdspd.exe
urun: [Skype] "c:\Program Files\Skype\Phonee\Skype.exe" /nosplash /minimized
urun: [RvT7Nad0] c:\Documents and Settings\All Users\Application Datae\RvT7Nad0.exe
urun: [MSMSGS] "c:\Program Files\Messengere\msmsgs.exe" /background
urun: [Google Update] "c:\Documents and Settings\Mark\Local Settings\Application Data\Google\Updatee\GoogleUpdate.exe" /c
urun: [ctfmon.exe] c:\WINDOWS\system32e\ctfmon.exe
urun: [CBhwqClCCI.exe] c:\Documents and Settings\All Users\Application Datae\CBhwqClCCI.exe
mrun: [Tvs] c:\Program Files\Toshiba\Tvse\TvsTray.exe
mrun: [TPSMain] TPSMain.exe
mrun: [TkBellExe] "c:\Program Files\Common Files\Real\Update_OBe\realsched.exe" -osboot
mrun: [THotkey] c:\Program Files\Toshiba\Toshiba Applete\thotkey.exe
mrun: [TFncKy] TFncKy.exe
mrun: [TDispVol] TDispVol.exe
mrun: [SynTPLpr] c:\Program Files\Synaptics\SynTPe\SynTPLpr.exe
mrun: [SynTPEnh] c:\Program Files\Synaptics\SynTPe\SynTPEnh.exe
mrun: [SmoothView] c:\Program Files\TOSHIBA\TOSHIBA Zooming Utilitye\SmoothView.exe
mrun: [QuickTime Task] "c:\Program Files\QuickTimee\qttask.exe" -atboottime
mrun: [Pinger] c:\toshiba\ivp\isme\pinger.exe /run
mrun: [PadTouch] c:\Program Files\TOSHIBA\Touch and Launche\PadExe.exe
mrun: [NokiaMServer] c:\Program Files\Common Files\Nokia\MPlatforme\NokiaMServer /watchfiles startup
mrun: [MSKDetectorExe] c:\Program Files\McAfee\SpamKillere\MSKDetct.exe /uninstall
mrun: [mcui_exe] "c:\Program Files\McAfee.com\Agente\mcagent.exe" /runkey
mrun: [McPvTray] c:\Program Files\McAfee\Anti-Thefte\McPvTray.exe
mrun: [LogitechQuickCamRibbon] "c:\Program Files\Logitech\QuickCam10e\QuickCam10.exe" /hide
mrun: [LogitechCommunicationsManager] "c:\Program Files\Common Files\LogiShrd\LComMgre\Communications_Helper.exe"
mrun: [iTunesHelper] "c:\Program Files\iTunese\iTunesHelper.exe"
mrun: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Synce\IntuitSyncManager.exe startup
mrun: [IntelZeroConfig] "c:\Program Files\Intel\Wireless\bine\ZCfgSvc.exe"
mrun: [IntelWireless] "c:\Program Files\Intel\Wireless\Bine\ifrmewrk.exe" /tf Intel PROSet/Wireless
mrun: [igfxtray] c:\WINDOWS\system32e\igfxtray.exe
mrun: [igfxpers] c:\WINDOWS\system32e\igfxpers.exe
mrun: [igfxhkcmd] c:\WINDOWS\system32e\hkcmd.exe
mrun: [GrooveMonitor] "c:\Program Files\Microsoft Office\Office12e\GrooveMonitor.exe"
mrun: [Google Quick Search Box] "c:\Program Files\Google\Quick Search Boxe\GoogleQuickSearchBox.exe" /autorun
mrun: [EzPrint] "c:\Program Files\Dell V715we\ezprint.exe"
mrun: [ehTray] c:\WINDOWS\ehomee\ehtray.exe
mrun: [dleemon.exe] "c:\Program Files\Dell V715we\dleemon.exe"
mrun: [Dell V715w Fax Server] "c:\Program Files\Dell V715we\fm3032.exe" /s
mrun: [AGRSMMSG] AGRSMMSG.exe
mrun: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Readere\Reader_sl.exe"
mrun: [Adobe ARM] "c:\Program Files\Common Files\Adobe\ARM\1.0e\AdobeARM.exe"
mrun: [accrdsub] "c:\Program Files\ActivIdentity\ActivCliente\accrdsub.exe"
c:\DOCUME~1\Mark\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Documents and Settings\Mark\Application Data\Dropbox\bine\Dropbox.exe
c:\DOCUME~1\Mark\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office12e\ONENOTEM.EXE
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivCliente\acsagent.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdatee\qbupdate.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\RAMASST.lnk - C:\WINDOWS\system32e\RAMASST.exe

ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Google Sidewiki...
ie: <NO NAME> REG_SZ res://c:\Program Files\Google\Google Toolbar\Componente\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
ie: Contexts REG_DWORD 19 (0x13)

ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
ie: { MenuText - REG_SZ Sun Java Console

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}
ie: { KeyPath - REG_SZ Yes
ie: { ButtonText - REG_SZ Send to OneNote
ie: { MenuText - REG_SZ S&end to OneNote
ie: { ToolTip - REG_SZ Send to OneNote
ie: { Default Visible - REG_SZ Yes
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\ONBttnIE.dll,103
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\ONBttnIE.dll,103

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
ie: { Default Visible - REG_SZ yes
ie: { ButtonText - REG_SZ Skype Plug-In
ie: { Icon - REG_SZ c:\Program Files\Skype\Toolbars\Internet Explorere\icon.ico
ie: { HotIcon - REG_SZ c:\Program Files\Skype\Toolbars\Internet Explorere\icon.ico
ie: { MenuText - REG_SZ Skype Plug-In
ie: { MenuStatusBar - REG_SZ Skype Plug-In

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBAR.ICO
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBARH.ICO
ie: { ButtonText - REG_SZ Research
ie: { Default Visible - REG_SZ Yes

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
ie: { MenuText - REG_SZ @xpsp3res.dll,-20001
ie: { Exec - REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - {cafeefac-0015-0000-0004-abcdeffedcbc}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {48E73304-E1D6-4330-914C-F5F514E3486C} - {48e73304-e1d6-4330-914c-f5f514e3486c}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898ea8c8-e7ff-479b-8935-aec46303b9e5}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In
<NO NAME> REG_SZ Garmin Communicator Plug-In
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In\Contains\Files
c:\WINDOWS\Downloaded Program Filese\GarminAxControl.ocx REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In\DownloadInformation
CODEBASE REG_SZ https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
OSD REG_SZ c:\WINDOWS\Downloaded Program Filese\OSDA77.OSD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In\InstalledVersion
<NO NAME> REG_SZ 2,9,2,0
LastModified REG_SZ Fri, 26 Mar 2010 13:27:00 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\Contains\Files
c:\Program Files\Microsoft Office\Office12e\IEAWSDC.DLL REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\DownloadInformation
CODEBASE REG_SZ http://office.microsoft.com/sites/production/ieawsdc32.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\ieawsdc.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\InstalledVersion
<NO NAME> REG_SZ 14,0,5506,0
LastModified REG_SZ Wed, 20 May 2009 22:44:30 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation
CODEBASE REG_SZ http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\swdir.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}\InstalledVersion
<NO NAME> REG_SZ 11,5,6,606
LastModified REG_SZ Tue, 12 Jan 2010 06:53:58 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.5.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.5.0.4

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.5.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.5.0.4

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains\Files
c:\WINDOWS\system32e\atl.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\gp.ocx REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation
CODEBASE REG_SZ http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\gp.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\InstalledVersion
<NO NAME> REG_SZ 1,6,2,53
LastModified REG_SZ Wed, 02 Dec 2009 03:43:49 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\PURen-us.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\MsnPUpld.dll REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\DownloadInformation
CODEBASE REG_SZ http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\MsnUpld.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\InstalledVersion
<NO NAME> REG_SZ 15,1,100,0
LastModified REG_SZ Thu, 20 Aug 2009 00:25:10 GMT

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters
NameServer REG_SZ
CLSID - REG_SZ {5f0c266a-be66-4416-9af0-c240174e1599} -
CLSID - REG_SZ {5513F07E-936B-4E52-9B00-067394E91CC5} -
CLSID - REG_SZ {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
CLSID - REG_SZ {84D77A00-41B5-4b8b-8ADF-86486D72E749} -
CLSID - REG_SZ {FC598A64-626C-4447-85B8-53150405FD57} -
CLSID - REG_SZ {5513F07E-936B-4E52-9B00-067394E91CC5} -
CLSID - REG_SZ {91774881-D725-4E58-B298-07617B9B86A8} -
CLSID - REG_SZ {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
CLSID - REG_SZ {9D6CC632-1337-4a33-9214-2DA092E776F4} -
appinit_dlls: c:\PROGRA~1\Google\GOOGLE~1e\GOEC62~1.DLL
ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\WINDOWS\system32e\WPDShServiceObj.dll
Groove GFS Stub Execution Hook

Written by Bobbi Flekman 2006 ©

<NO NAME> REG_SZ Groove GFS Stub Execution Hook

<NO NAME> REG_SZ c:\Program Files\Microsoft Office\Office12e\GrooveShellExtensions.dll
seh: ThreadingModel REG_SZ Both

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
LsaPid REG_DWORD 1656 (0x678)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 1 (0x1)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 1 (0x1)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Notification Packages REG_MULTI_SZ scecli

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv Driver;c:\WINDOWS\system32\driverse\McPvDrv.sys [2009-11-17 63080]
R0 mfehidk;McAfee Inc. mfehidk;c:\WINDOWS\system32\driverse\mfehidk.sys [2010-5-1 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\WINDOWS\system32\driverse\mfetdi2k.sys [2010-5-1 84072]
R2 accoca;ActivClient Middleware Service;c:\Program Files\ActivIdentity\ActivCliente\accoca.exe [2008-5-30 198184]
R2 Akamai;Akamai NetSession Interface;c:\WINDOWS\System32e\svchost.exe -k Akamai [2006-2-15 14336]
R2 dlee_device;dlee_device;c:\WINDOWS\system32\dleecoms.exe -service --> C:\WINDOWS\system32e\dleecoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\Program Files\McAfee\SiteAdvisore\McSACore.exe [2010-1-25 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\Program Files\Common Files\Mcafee\McSvcHoste\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\Program Files\Common Files\McAfee\McSvcHoste\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\Program Files\Common Files\McAfee\McSvcHoste\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McrdSvc;Media Center Extender Service;c:\WINDOWS\ehomee\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\Program Files\Common Files\McAfee\SystemCoree\mcshield.exe [2010-5-1 171168]
R2 mfefire;McAfee Firewall Core Service;c:\Program Files\Common Files\McAfee\SystemCoree\mfefire.exe [2010-5-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\Program Files\Common Files\McAfee\SystemCoree\mfevtps.exe [2010-5-1 141792]
R3 cfwids;McAfee Inc. cfwids;c:\WINDOWS\system32\driverse\cfwids.sys [2010-5-1 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\WINDOWS\system32\driverse\mfeavfk.sys [2010-5-1 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\WINDOWS\system32\driverse\mfebopk.sys [2010-5-1 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\WINDOWS\system32\driverse\mfefirek.sys [2010-5-1 313288]
R3 mfendiskmp;mfendiskmp;c:\WINDOWS\system32\driverse\mfendisk.sys [2010-5-1 88544]
R3 OMNCMBP;Omnikey AG CardMan 4000 PCMCIA Smart Card Reader;c:\WINDOWS\system32\driverse\cmbp0wdm.sys [2009-12-13 20736]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\WINDOWS\system32\spool\drivers\w32x86\3e\dleeserv.exe [2010-7-17 98984]
S2 gupdate;Google Update Service (gupdate);c:\Program Files\Google\Updatee\GoogleUpdate.exe [2010-1-29 135664]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\Program Files\SolidWorks Corp\SolidWorks\swSchedulere\DTSCoordinatorService.exe [2010-6-15 87336]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\WINDOWS\system32\driverse\mfendisk.sys [2010-5-1 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\WINDOWS\system32\driverse\mferkdet.sys [2010-5-1 84264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\WINDOWS\system32\driverse\nmwcdnsu.sys [2010-9-24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\WINDOWS\system32\driverse\nmwcdnsuc.sys [2010-9-24 8320]
S3 SVRPEDRV;SVRPEDRV; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86e\msvsmon.exe [2005-9-23 2799808]

=============== File Associations ===============

RealPlayer.PIX.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.PLSPL.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.QCP.10="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.qt.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RA.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RAM.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RAX.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RM.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RMS.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RMVB.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RP.6="c:\Program Files\Common Files\Real\Update_OBe\rnxproc.exe" "%1"
RealPlayer.RSML.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RT.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RV.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.RVX.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.SDP.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.SMIL.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.WAV.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.wax.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.wm.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.wmf.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.wmv.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.wmx.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
RealPlayer.wvx.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
!d
!d
rlogin="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
rtffile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
rtsp="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
SavedDsQuery=rundll32 %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1
!d
scriptletfile="c:\WINDOWSe\NOTEPAD.EXE" "%1"
SHCmdFile=explorer.exe
Shell=%SystemRoot%\Explorer.exe /idlist,%I,%L
ShellScrap=rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
skype="c:\Program Files\Skype\Phonee\Skype.exe" "/uri:%l"
skype-plugin="c:\Program Files\Skype\Plugin Managere\skypePM.exe" "/uri:%1"
skype.callto="c:\PROGRA~1\Skype\Phonee\Skype.exe" "/callto:%l"
Skype.Content="c:\Program Files\Skype\Phonee\Skype.exe" /file:"%1"
SldAssem.Document=c:\PROGRA~1\SOLIDW~1\SOLIDW~1e\sldworks.exe /dde
SldDraw.Document=c:\PROGRA~1\SOLIDW~1\SOLIDW~1e\sldworks.exe /dde
SldPart.Document=c:\PROGRA~1\SOLIDW~1\SOLIDW~1e\sldworks.exe /dde
snews="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
SoundRec="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
SPCFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
SpybotSD.DisabledFile="c:\Program Files\Spybot - Search & Destroye\blindman.exe" "%1"
SpybotSD.SBEFile="c:\Program Files\Spybot - Search & Destroye\SpybotSD.exe" "%1"
SpybotSD.SBIFile="c:\Program Files\Spybot - Search & Destroye\SpybotSD.exe" "%1"
SpybotSD.SBSFile="c:\Program Files\Spybot - Search & Destroye\SpybotSD.exe" "%1"
SpybotSD.TInfoFile="c:\Program Files\Spybot - Search & Destroye\SpybotSD.exe" "%1"
SpybotSD.UTIFile="c:\Program Files\Spybot - Search & Destroye\SpybotSD.exe" "%1"
SpybotSD.UTSFile="c:\Program Files\Spybot - Search & Destroye\SpybotSD.exe" "%1"
SSM="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
STLFile=rundll32.exe cryptext.dll,CryptExtOpenCTL %1
stssync="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
T126_Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" - "%1"
telnet="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
tn3270="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
ttcfile=%SystemRoot%\System32\fontview.exe %1
ttffile=%SystemRoot%\System32\fontview.exe %1
!d
ulsfile="rundll32.exe" msconf.dll,NewMediaPhone %l
UtlReportViewer.Document=c:\PROGRA~1\SOLIDW~1\SOLIDW~1e\UTLREP~1.EXE %1
vcard_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /vcard %1
Visio.Drawing.11="c:\Program Files\Microsoft Office\Office12e\VISIO.EXE" "%1"
Visio.Stencil.11="c:\Program Files\Microsoft Office\Office12e\VISIO.EXE" /ro "%1"
Visio.Template.11="c:\Program Files\Microsoft Office\Office12e\VISIO.EXE" "%1"
Visio.Workspace.11="c:\Program Files\Microsoft Office\Office12e\VISIO.EXE" "%1"
VisioViewer.Viewer="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
VisualStudio.ContentInstaller.vscontent="c:\Program Files\Common Files\Microsoft Shared\MSEnve\VSContentInstaller.exe" "%1"
VisualStudio.ContentInstaller.vsi="c:\Program Files\Common Files\Microsoft Shared\MSEnve\VSContentInstaller.exe" "%1"
VisualStudio.Launcher.sln="c:\Program Files\Common Files\Microsoft Shared\MSEnve\VSLauncher.exe" "%1"
vobfile=c:\Program Files\InterVideo\WinDVDe\WinDVD.exe %1
VSTA.config.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.cs.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.csproj.8.0="c:\Program Files\Common Files\Microsoft Shared\MSEnve\VSLauncher.exe" "%1"
VSTA.datasource.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.disco.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.dtd.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.sdl.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.snippet.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.txt.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde "%1"
VSTA.vb.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.vbproj.8.0="c:\Program Files\Common Files\Microsoft Shared\MSEnve\VSLauncher.exe" "%1"
VSTA.vstemplate.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.wsdl.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.xdr.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.xml.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.xsl.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
VSTA.xslt.8.0="c:\Program Files\Microsoft Visual Studio 8\Common7\IDEe\vsta.exe" /dde
Vuze="c:\Program Files\Vuzee\Azureus.exe" "%1"
wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" %1
WAXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
webcal="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
webcals="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" "%1"
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.Movie.Maker="c:\Program Files\Movie Makere\moviemk.exe" %1
Windows.XamlDocument="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
Windows.Xbap="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
WinDVD.playback=c:\Program Files\InterVideo\WinDVDe\WinDVD.exe %1
WLANImportFile=c:\Program Files\Intel\Wireless\bine\iWrap.exe /CMD:7 %1
WMAfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:5 /Open "%L"
WMDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /WMPackage:"%L"
wmffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
WMP.DVR-MSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
WMSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
WMVFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
WMZFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
Word.Backup.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.DocumentMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.OpenDocumentText.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.RTF.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
wordhtmlfile="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
wordhtmltemplate="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WPLFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
wrifile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
WVXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
x-internet-signup=%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1
XEV.FailSafeApp=%SystemRoot%\system32\NOTEPAD.EXE %1
XEV.GenericApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XEV.OriginalApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XFDL.Document.1=c:\PROGRA~1\IBM\LOTUSF~1\Viewer\3.5e\masqform.exe "%1"
xmlfile="c:\Program Files\Common Files\Microsoft Shared\OFFICE12e\MSOXMLED.EXE" /verb open "%1"
XPSViewer.Document.1="c:\WINDOWS\system32\XPSViewere\XPSViewer.exe" "%1" %*
xslfile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.bat
.cmd
.com
.exe
.scr
.reg
.txt

=============== Created Last 30 ================


==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\WINDOWS\system32e\isign32.dll

============= FINISH: 1:26:45.50 ===============


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 February 2011 - 11:46 PM

Hello Mark,


You have a rootkit, so let's deal with that and see what might be left after. :thumbup2:

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 maddab79


Posted 13 February 2011 - 07:20 AM

Tea,

That fixed it right away. Thank you so much. Is there anything I can do to avoid this problem in the future? I am already running McAfee but that didn't seem to catch it.

Mark

#4 teacup61


Posted 13 February 2011 - 09:03 AM

Good morning Mark,

You're welcome. :)

I'm glad that worked, but I sure would like to have one more report at the very least to be sure there are no leftovers lurking anywhere. Could I please see a DDS log from the directions here? http://www.bleepingcomputer.com/forums/topic34773.html

Thanks,
tea

#5 maddab79


Posted 13 February 2011 - 12:18 PM

Tea, sorry I forgot to post that. Here you go.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Mark at 18:15:47.51 on Sun 02/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2169 [GMT 1:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dleecoms.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Dell V715w\ezprint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell V715w\dleemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Documents and Settings\Mark\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AdvBHO: {2ed2390a-e6f6-f895-fe75-013e2d97184a} - c:\documents and settings\mark\AdvBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101108195143.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WxZXSgYvbmo] c:\documents and settings\all users\application data\WxZXSgYvbmo.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RvT7Nad0] c:\documents and settings\all users\application data\RvT7Nad0.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CBhwqClCCI.exe] c:\documents and settings\all users\application data\CBhwqClCCI.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [EzPrint] "c:\program files\dell v715w\ezprint.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dleemon.exe] "c:\program files\dell v715w\dleemon.exe"
mRun: [Dell V715w Fax Server] "c:\program files\dell v715w\fm3032.exe" /s
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
StartupFolder: c:\docume~1\mark\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mark\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\mark\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: text/html - {5f0c266a-be66-4416-9af0-c240174e1599} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-1 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-1 84072]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2008-5-30 198184]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-25 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-1 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-1 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-1 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-1 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-1 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-1 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-1 88544]
R3 OMNCMBP;Omnikey AG CardMan 4000 PCMCIA Smart Card Reader;c:\windows\system32\drivers\cmbp0wdm.sys [2009-12-13 20736]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [2010-7-17 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-6-15 87336]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-1 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-1 84264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-9-24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-9-24 8320]
S3 SVRPEDRV;SVRPEDRV; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2011-02-12 21:34:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-12 21:34:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-11 14:59:47 306192 ----a-w- c:\documents and settings\mark\AdvBHO.dll
2011-02-10 19:48:40 -------- d-----w- c:\program files\Shared
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 18:17:25.70 ===============

#6 teacup61

  • Malware Response Team

Posted 13 February 2011 - 12:29 PM

Hi there,

Thank you so much for that. :thumbup2: There are indeed some things to take care of here.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Those old versions also take up a ton of space! Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

There are also some bad files/folders that need to go, so I need for you to run this. You'll have to uninstall McAfee for this, but ComboFix will take you offline for the run so it'll be all right. :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If McAfee gives you any problems, you may have to temporarily uninstall it. For some reason, this is common with McAfee. <_<

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to maddab.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 maddab79

  • Topic Starter

Posted 13 February 2011 - 05:42 PM

Tea,

Here is the Combofix log file.

Thanks,
Mark


ComboFix 11-02-12.02 - Mark 02/13/2011 19:36:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2361 [GMT 1:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mark\AdvBHO.dll
c:\documents and settings\Mark\Start Menu\Programs\Windows Disk
c:\documents and settings\Mark\Start Menu\Programs\Windows Disk\Uninstall Windows Disk.lnk
c:\documents and settings\Mark\Start Menu\Programs\Windows Disk\Windows Disk.lnk
c:\program files\Shared
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
.

2011-02-13 17:58 . 2011-02-13 17:58 -------- d-----w- c:\program files\Common Files\Java
2011-02-13 17:57 . 2011-02-13 17:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-13 17:57 . 2011-02-13 17:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-13 11:57 . 2011-02-13 11:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-13 09:53 . 2011-02-13 09:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-12 21:34 . 2011-02-12 21:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-12 21:34 . 2011-02-12 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-12 18:53 . 2011-02-12 18:53 -------- d-----w- c:\program files\Common Files\Skype
2011-02-11 19:05 . 2011-02-11 19:05 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-02-11 18:55 . 2011-02-11 18:55 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-11 18:28 . 2011-02-11 18:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-24 13:40 . 2011-01-24 13:40 -------- d-----w- c:\documents and settings\Kids\Application Data\Apple Computer
2011-01-24 13:40 . 2011-01-24 13:40 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\Apple Computer
2011-01-24 13:39 . 2011-01-24 13:39 -------- d-----w- c:\documents and settings\Kids\Application Data\V715w
2011-01-24 13:37 . 2011-01-24 13:37 -------- d-----w- c:\documents and settings\Kids\Application Data\PC Suite
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 12:03 . 2006-02-15 15:33 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-01-21 14:44 . 2006-02-15 14:03 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-15 14:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-15 14:04 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-02-15 14:02 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-02-15 14:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-02-15 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2006-02-15 14:02 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-02-15 14:02 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-02-15 14:03 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2006-02-15 14:03 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-02-15 15:36 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Mark\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Mark\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Mark\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Google Update"="c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-01 202256]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-14 122880]
"EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2010-01-18 139944]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2010-01-18 770728]
"Dell V715w Fax Server"="c:\program files\Dell V715w\fm3032.exe" [2010-01-18 316072]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-30 298024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Mark\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-30 128552]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2008-05-30 01:57 109568 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2008-05-30 01:57 293888 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CFSvcs"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dleecoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/30/2008 2:57 AM 198184]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/15/2006 3:04 PM 14336]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R3 OMNCMBP;Omnikey AG CardMan 4000 PCMCIA Smart Card Reader;c:\windows\system32\drivers\cmbp0wdm.sys [12/13/2009 7:41 PM 20736]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys --> c:\windows\system32\drivers\McPvDrv.sys [?]
S2 0245481297620935mcinstcleanup;McAfee Application Installer Cleanup (0245481297620935);c:\docume~1\Mark\LOCALS~1\Temp\024548~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Mark\LOCALS~1\Temp\024548~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [7/17/2010 9:27 PM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 5:24 AM 135664]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [6/15/2010 2:14 PM 87336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/24/2010 9:42 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/24/2010 9:42 PM 8320]
S3 SVRPEDRV;SVRPEDRV; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 4:01 PM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:23]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:23]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3188523527-2101432556-2132391572-1005Core.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-12 17:40]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3188523527-2101432556-2132391572-1005UA.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-12 17:40]

2011-02-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3188523527-2101432556-2132391572-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-02-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3188523527-2101432556-2132391572-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-02-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3188523527-2101432556-2132391572-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3188523527-2101432556-2132391572-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-WxZXSgYvbmo - c:\documents and settings\All Users\Application Data\WxZXSgYvbmo.exe
HKCU-Run-RvT7Nad0 - c:\documents and settings\All Users\Application Data\RvT7Nad0.exe
HKCU-Run-CBhwqClCCI.exe - c:\documents and settings\All Users\Application Data\CBhwqClCCI.exe
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-13 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll

- - - - - - - > 'explorer.exe'(8744)
c:\windows\system32\WININET.dll
c:\documents and settings\Mark\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dleecoms.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\eHome\ehmsas.exe
c:\windows\AGRSMMSG.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-02-13 19:56:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-13 18:56

Pre-Run: 11,297,062,912 bytes free
Post-Run: 11,851,771,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - BD89FE298E0038C8054596CD94D4C69F

#8 teacup61

  • Malware Response Team

Posted 20 February 2011 - 10:49 AM

Mark, are you still with me? I'm so sorry....this slipped through somehow. I do apologize. :(

tea